CVE-2011-2201

Data::FormValidator <4.66 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-2201. PoCs published by dst.

AI-analyzed exploit summary: This exploit demonstrates a security-bypass vulnerability in the Perl Data::FormValidator module. By leveraging a regex untainting issue, it bypasses constraint checks to validate input that should otherwise fail.

Description

The Data::FormValidator module 4.66 and earlier for Perl, when untaint_all_constraints is enabled, does not properly preserve the taint attribute of data, which might allow remote attackers to bypass the taint protection mechanism via form input.

Exploits (1)

exploitdb WORKING POC VERIFIED
by dst · perl · remote · linux
https://www.exploit-db.com/exploits/35836

Classification: Working PoC 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Data::FormValidator 4.66
No auth needed
Prerequisites: Perl environment with Data::FormValidator 4.66 installed
devstral-2 · analyzed Feb 16, 2026

References (8)

Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/48167
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/06/13/5
Exploit, Patch mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/06/12/3
Exploit, Patch x_refsource_confirm
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629511
Exploit, Patch x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=712694
Exploit, Patch mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/06/13/13

Scores

EPSS 0.1238
EPSS Percentile 94.1%

Details

CWE: CWE-264
Status: published
Products (1)
mark_stosberg/data::formvalidator (50 CPE variants)
Published Sep 14, 2011
Tracked Since Feb 18, 2026