WeHelpBUS contains a flaw that allows a remote command execution attack. This flaw exists because the application does not validate the QUERY_STRING variable upon submission to the sk.cgi.in script. This allows users to execute shell commands with the privileges of the web server.
-
时间线
2004-10-14
2004-10-14
2004-10-14
Unknow
-
解决方案
Upgrade to version 0.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.