PT-2002-2565 · Unknown+1 · Htmlplog.Pm+2

Published

2002-12-31

Updated

2008-09-05

CVE-2002-1843

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Perlbot version 1.9.2

Description The issue allows remote attackers to execute arbitrary commands. This can be achieved by injecting shell metacharacters into specific variables, including the text variable in SpelCheck.pm or the filename variable in HTMLPlog.pm.

Recommendations For Perlbot version 1.9.2, consider restricting or sanitizing input to the text variable in SpelCheck.pm and the filename variable in HTMLPlog.pm to prevent the injection of shell metacharacters. As a temporary workaround, restrict access to these modules to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2002-1843

Affected Products

Htmlplog.Pm

Perlbot

Spelcheck.Pm

PT-2002-2565 · Unknown+1 · Htmlplog.Pm+2

CVE-2002-1843

Related Identifiers

Affected Products

References · 6