Back to search
CVE-2001-1130
Published: Jun 25, 2002
Modified: Aug 8, 2024
PUBLISHED
Description
Sdbsearch.cgi in SuSE Linux 6.0-7.2 could allow remote attackers to execute arbitrary commands by uploading a keylist.txt file that contains filenames with shell metacharacters, then causing the file to be searched using a .. in the HTTP referer (from the HTTP_REFERER variable) to point to the directory that contains the keylist.txt file.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
sdbsearch-cgi-command-execution(7003)
vdb-entry
x_refsource_XF
20010802 suse: sdbsearch.cgi vulnerability
mailing-list
x_refsource_BUGTRAQ
SuSE-SA:2001:027
vendor-advisory
x_refsource_SUSE
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now