Among sample CGI programs included in Homepage Builder, anketo.cgi, kansou.cgi, and order.cgi contain an OS command injection vulnerability as they do not properly validate input data.
An arbitrary command could be executed on the web server with the privilege of the web server process.
Apply the Patch
Apply the patch named "HPBCGIFIX" or manually fix the CGI programs installed on the server by following the instructions provided by the vendor.
"HPBCGIFIX" fixes the CGI sample programs in the sample folder. CGI programs customized or copied to a user's folder must be manually fixed.
For more information, please refer to the vendor's website "How to fix sample CGI of Homepage Builder".
Servers deploying the sample CGI programs are affected.
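Because the patch only touches the sample folder, an administrator needs a list of every other copy of the three named programs on the server. The following inventory script is an added example, not part of the original advisory or the vendor's patch; grouping by SHA-256 to separate byte-identical copies from customized ones is an assumption made here, and the directory layout in build_demo_tree is constructed.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

# File names taken from the advisory text.
AFFECTED_NAMES = {"anketo.cgi", "kansou.cgi", "order.cgi"}


def find_copies(root):
    """Return {sha256: [paths]} for files under root named like an affected
    sample CGI (case-insensitive). One digest shared by several paths means
    byte-identical copies; a digest seen once is likely a customized file."""
    groups = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() not in AFFECTED_NAMES:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            except OSError:
                digest = "unreadable"  # still report it for manual review
            groups[digest].append(path)
    return {d: sorted(p) for d, p in groups.items()}


def build_demo_tree():
    """Constructed sample tree; file contents are placeholders, not vendor code."""
    root = tempfile.mkdtemp(prefix="hpb_demo_")
    same = b"#!/usr/bin/perl\n# constructed placeholder A\n"
    layout = {
        "sample/anketo.cgi": same,
        "users/alice/cgi-bin/anketo.cgi": same,
        "users/bob/cgi-bin/ORDER.CGI": b"#!/usr/bin/perl\n# constructed, customized\n",
        "users/bob/index.html": b"<html></html>\n",
    }
    for rel, data in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    for digest, paths in find_copies(build_demo_tree()).items():
        print(digest[:12], f"{len(paths)} file(s)")
        for p in paths:
            print("    " + p)
```

Point find_copies at the real document root and user directories instead of the demo tree; every path it returns outside the sample folder needs the manual fix.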