PT-2001-1321 · Cgi Script Center · Cgi Script Center Subscribe Me Lite

Published

2001-02-02

Updated

2017-12-19

CVE-2001-0086

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: CGI Script Center Subscribe Me LITE versions 2.0 and earlier

Description: The issue allows remote attackers to delete arbitrary mailing list users without authentication. This is achieved by directly calling the "subscribe.pl" script with the target address as a parameter, specifically the target address variable.

Recommendations: For versions 2.0 and earlier, as a temporary workaround, consider restricting access to the "subscribe.pl" script until a patch is available. Avoid using the target address parameter in the affected script to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2001-0086

Affected Products

Cgi Script Center Subscribe Me Lite

PT-2001-1321 · Cgi Script Center · Cgi Script Center Subscribe Me Lite

CVE-2001-0086

Related Identifiers

Affected Products

References · 4