Vulnerabilities > CVE-2002-0922 - Unspecified vulnerability in Cgiscript.Net Csnews 1.0/1.0Professional

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
cgiscript-net
exploit available
NVD
Published: 2002-10-04
Updated: 2008-09-05

Summary

CGIScript.net csNews.cgi allows remote attackers to obtain database files via a direct URL-encoded request to (1) default%2edb or (2) default%2edb.style, or remote authenticated users to perform administrative actions via (3) a database parameter set to default%2edb.

Vulnerable Configurations

Part Description Count
Application
Cgiscript.Net
2

Exploit-Db

descriptionCGIScript.net csNews 1.0 Double URL Encoding Unauthorized Administrative Access. CVE- 2002-0922,CVE-2002-0922. Webapps exploit for cgi platform
idEDB-ID:21532
last seen2016-02-02
modified2002-06-11
published2002-06-11
reporterSteve Gustin
sourcehttps://www.exploit-db.com/download/21532/
titleCGIScript.net csNews 1.0 Double URL Encoding Unauthorized Administrative Access

References