CVE-2002-0919
Published 2002-10-04
Priority P429 · high · 7.5 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 3.10% (86.1th percentile)
CGIScript.net csPassword.cgi allows remote authenticated users to modify the .htaccess file and gain privileges via newlines in the title field of the edit page.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cgiscript.net | cspassword | — | — |
Exploit-DB
CGIScript.net - 'csPassword.cgi' 1.0 Information Disclosure
exploitdb·2002-05-30
---
source: https://www.securityfocus.com/bid/4887/info
CGIScript.net provides various webmaster related tools and is maintained by Mike Barone and Andy Angrick.
A vulnerability has been reported in the csPassword.cgi script developed by CGIScript.net that discloses potentially sensitive information to a user. When an error occurs with the csPassword.cgi script, it displays an error message with a lot of debugging information.
http://target/csPassword.cgi?command=remove
This will cause csPassword to execute the remove() function. This function is not defined and thus will cause an error page to be displayed.
Exploit-DB
CGIScript.net - 'csPassword.cgi' 1.0 HTAccess File Modification
exploitdb·2002-05-30
---
source: https://www.securityfocus.com/bid/4888/info
CGIScript.net provides various webmaster related tools and is maintained by Mike Barone and Andy Angrick.
A vulnerability has been reported in the csPassword.cgi script developed by CGIScript.net. It is possible for an authenticated user to add directives and make changes to the generated .htaccess file.
javascript:void(document.form1.title.outerHTML=" ");
Adding the JavaScript as part of the URL changes the text field into a textbox, allowing users to enter newlines and other characters.
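The single-line form field is only a browser-side restriction, so the check has to happen on the server before the title reaches the file. The following is an added example, not code from csPassword.cgi or CGIScript.net: it assumes the title is written into a quoted `AuthName` directive, and the function names, template and sample values are hypothetical.

```python
import re

# Allow-list for the title: printable ASCII except the double quote and the
# backslash, 1 to 64 characters. CR, LF, tabs and other control bytes never match.
_TITLE_RE = re.compile(r"[ !#-\[\]-~]{1,64}")


class InvalidTitle(ValueError):
    """Raised when a submitted title cannot be written to the file safely."""


def validate_title(raw: str) -> str:
    """Server-side check; the form's single-line <input> is not a control."""
    title = raw.strip(" ")  # trim spaces only, so a trailing newline is still rejected
    if not _TITLE_RE.fullmatch(title):
        raise InvalidTitle("title contains characters not allowed in .htaccess")
    return title


def render_htaccess(title: str, passwd_file: str) -> str:
    """Build the file from a fixed template.

    Assumption: passwd_file comes from server-side configuration, not from
    the request; the title is the only user-supplied value.
    """
    safe = validate_title(title)
    lines = [
        "AuthType Basic",
        f'AuthName "{safe}"',
        f"AuthUserFile {passwd_file}",
        "Require valid-user",
    ]
    return "\n".join(lines) + "\n"


def directive_names(htaccess: str) -> list[str]:
    """Audit helper: list directive names so unexpected ones stand out."""
    return [ln.split()[0] for ln in htaccess.splitlines() if ln.strip()]


# Constructed sample titles (not taken from the advisory).
REJECTED_SAMPLES = ["Members\nInjectedDirective value", "Members\r\nX",
                    'a"b', "trail\n", "tab\there", "", "x" * 65]
```

Running `directive_names` over existing generated files and comparing the result with the template's four directives is a quick way to spot files that were altered before the check was in place.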