Vulnerabilities > CVE-2002-0922 - Unspecified vulnerability in Cgiscript.Net Csnews 1.0/1.0Professional
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
CGIScript.net csNews.cgi allows remote attackers to obtain database files via a direct URL-encoded request to (1) default%2edb or (2) default%2edb.style, or remote authenticated users to perform administrative actions via (3) a database parameter set to default%2edb.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Exploit-Db
description | CGIScript.net csNews 1.0 Double URL Encoding Unauthorized Administrative Access. CVE- 2002-0922,CVE-2002-0922. Webapps exploit for cgi platform |
id | EDB-ID:21532 |
last seen | 2016-02-02 |
modified | 2002-06-11 |
published | 2002-06-11 |
reporter | Steve Gustin |
source | https://www.exploit-db.com/download/21532/ |
title | CGIScript.net csNews 1.0 Double URL Encoding Unauthorized Administrative Access |