Un-CGI 1.9 and earlier does not verify that a CGI script has the execution bits set before executing it, which allows remote attackers to execute arbitrary commands by directing Un-CGI to a document that begins with "#!" and the desired program name.
8.1AI Score
0.069EPSS
Directory traversal vulnerability in Un-CGI 1.9 and earlier allows remote attackers to execute arbitrary code via a .. (dot dot) in an HTML form.
7.9AI Score
0.026EPSS