JVN#22536871: QQQ SYSTEMS vulnerable to arbitrary command injection

2018-03-13T00:00:00
ID JVN:22536871
Type jvn
Reporter Japan Vulnerability Notes
Modified 2018-03-13T00:00:00

Description

## Description

QQQ SYSTEMS provided by Gundam Cult QQQ is a perl CGI script to create quiz pages. QQQ SYSTEMS contains an OS command injection vulnerability (CWE-78).

## Impact

An attacker may execute an arbitrary OS command with the web server's execution privilege.

## Solution

Consider stop using QQQ SYTEMS 2.24
Since the developer was unreachable, it is unknown whether any mitigations exist.