Search...

CVE-2002-2420

2002-12-31T00:00:00

ID CVE-2002-2420
Type cve
Reporter NVD
Modified 2008-09-05T16:33:10

Description

site_searcher.cgi in Super Site Searcher allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter.

JSON Vulners Source

Initial Source

{"href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-2420", "history": [], "references": ["http://www.securityfocus.com/bid/5605", "http://securitytracker.com/id?1005190"], "lastseen": "2016-09-03T03:52:59", "bulletinFamily": "NVD", "title": "CVE-2002-2420", "cpe": ["cpe:/a:independent_solution:simple_site_searcher", "cpe:/a:independent_solution:super_site_searcher"], "viewCount": 1, "id": "CVE-2002-2420", "hash": "c9b839b925e8218362ddae6971c39feadd6cdfb4de34d598c5ccc24f64194a7f", "description": "site_searcher.cgi in Super Site Searcher allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter.", "edition": 1, "assessment": {"name": "", "href": "", "system": ""}, "cvelist": ["CVE-2002-2420"], "scanner": [], "modified": "2008-09-05T16:33:10", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "objectVersion": "1.2", "reporter": "NVD", "type": "cve", "published": "2002-12-31T00:00:00", "enchantments": {"score": {"value": 7.5, "vector": "NONE", "modified": "2016-09-03T03:52:59"}, "dependencies": {"references": [{"type": "exploitdb", "idList": ["EDB-ID:21768"]}], "modified": "2016-09-03T03:52:59"}, "vulnersScore": 7.5}}

{"exploitdb": [{"lastseen": "2016-02-02T17:13:48", "bulletinFamily": "exploit", "description": "Super Site Searcher Remote Command Execution Vulnerability. CVE-2002-2420. Webapps exploit for cgi platform", "modified": "2002-09-03T00:00:00", "published": "2002-09-03T00:00:00", "id": "EDB-ID:21768", "href": "https://www.exploit-db.com/exploits/21768/", "type": "exploitdb", "title": "Super Site Searcher Remote Command Execution Vulnerability", "sourceData": "source: http://www.securityfocus.com/bid/5605/info\r\n\r\nSuper Site Searcher is prone to remote command execution. Shell metacharacters are not adequately filtered from query string parameters in a request to the vulnerable search engine script. The parameters are then used in a function which passes commands directly through the shell.\r\n\r\nA remote attacker may exploit this condition to execute arbitrary commands on the shell with the privileges of the webserver process.\r\n\r\nSimple Site Searcher, released by the same vendor, is also prone to this issue. \r\n\r\nhttp://target/searchenginepath/site_searcher.cgi?page=|command| ", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/21768/"}]}