PT-2002-3077 · Swais · Simple Wais

Published

2002-12-31

Updated

2008-09-05

CVE-2002-2365

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Simple WAIS (SWAIS) version 1.11

Description The issue allows remote attackers to execute arbitrary commands by using shell metacharacters in the search field. This can be achieved by utilizing characters such as the "|" (pipe) character.

Recommendations For Simple WAIS (SWAIS) version 1.11, consider restricting access to the search field to prevent the execution of arbitrary commands until a patch is available. As a temporary workaround, avoid using shell metacharacters, such as the "|" (pipe) character, in the search field.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2002-2365

Affected Products

Simple Wais

PT-2002-3077 · Swais · Simple Wais

CVE-2002-2365

Weakness Enumeration

Related Identifiers

Affected Products

References · 4