User Manual does not adequately validate user input, allowing attackers to execute arbitrary commands on the server.
Unix Manual (as known as manual.php) is a PHP script used to lookup and display man pages on the web. User Manual does not adequately filter user input before passing it to the shell, allowing attackers to submit and execute arbitrary commands on the server.
Remote attackers can execute arbitrary commands on the server with privileges of the web server process.
The CERT/CC is currently unaware of a practical solution to this problem.
Vendor| Status| Date Notified| Date Updated
Marcus S. Xenakis| | -| 24 Sep 2002
If you are a vendor and your product is affected, let us know.
Group | Score | Vector
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A
Thanks to Florian Hobelsberger of BlueScreen for reporting this vulnerability.
This document was written by Shawn Van Ittersum.