PT-2003-1627 · Mnogosearch · Mnogosearch
Publicado
2003-06-20
·
Atualizado
2008-09-10
·
CVE-2003-0437
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions:
mnoGoSearch version 3.2.10
Description:
The issue is related to a buffer overflow in the search.cgi component. This occurs when a remote attacker sends a long
tmplt parameter, allowing the execution of arbitrary code.Recommendations:
For mnoGoSearch version 3.2.10, consider restricting access to the search.cgi component until a patch is available. As a temporary workaround, avoid using long values for the
tmplt parameter to minimize the risk of exploitation.Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Mnogosearch