QwikSec

Security Database

CVE

CWE

Training

CVE-2017-17562

Published: Dec 12, 2017

Modified: Oct 21, 2025

PUBLISHED

Description

Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters in the cgiHandler function in cgi.c. When combined with the glibc dynamic linker, this behaviour can be abused for remote code execution using special parameter names such as LD_PRELOAD. An attacker can POST their shared object payload in the body of the request, and reference it using /proc/self/fd/0.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/elttam/advisories/tree/master/CVE-2017-17562

x_refsource_MISC

vdb-entry

x_refsource_SECTRACK

https://www.elttam.com.au/blog/goahead/

x_refsource_MISC

exploit

x_refsource_EXPLOIT-DB

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

x_refsource_CONFIRM

https://github.com/embedthis/goahead/commit/6f786c123196eb622625a920d54048629a7caa74

x_refsource_MISC

https://github.com/embedthis/goahead/issues/249

x_refsource_MISC

exploit

x_refsource_EXPLOIT-DB

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2017-17562 - Security Vulnerability | QwikSec