PT-2003-1627 · Mnogosearch · Mnogosearch
Published
2003-06-20
·
Updated
2008-09-10
·
CVE-2003-0437
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions:
mnoGoSearch version 3.2.10
Description:
The issue is related to a buffer overflow in the search.cgi component. This occurs when a remote attacker sends a long
tmplt parameter, allowing the execution of arbitrary code.Recommendations:
For mnoGoSearch version 3.2.10, consider restricting access to the search.cgi component until a patch is available. As a temporary workaround, avoid using long values for the
tmplt parameter to minimize the risk of exploitation.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Mnogosearch