CVE-2011-2201

Data::FormValidator <4.66 - Info Disclosure

Title source: llm

Description

The Data::FormValidator module 4.66 and earlier for Perl, when untaint_all_constraints is enabled, does not properly preserve the taint attribute of data, which might allow remote attackers to bypass the taint protection mechanism via form input.

Exploits (1)

exploitdb WORKING POC VERIFIED

by dst · perlremotelinux

https://www.exploit-db.com/exploits/35836

View Code ZIP pw:eip

References (8)

[Exploit, Patch] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629511

[Exploit, Patch] http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065416.html

[Exploit, Patch] http://www.openwall.com/lists/oss-security/2011/06/12/3

[Exploit, Patch] http://www.openwall.com/lists/oss-security/2011/06/13/13

[Exploit] http://www.securityfocus.com/bid/48167

[Exploit, Patch] https://bugzilla.redhat.com/show_bug.cgi?id=712694

[Exploit] https://rt.cpan.org/Public/Bug/Display.html?id=61792

[Mailing List] http://www.openwall.com/lists/oss-security/2011/06/13/5

Scores

EPSS 0.1316

EPSS Percentile 94.2%

Details

CWE

CWE-264

Status published

Products (1)

mark_stosberg/data\ \ formvalidator (50 CPE variants)

Published Sep 14, 2011

Tracked Since Feb 18, 2026