Name: CGI.Guestbook.SSI.Command.Execution
Released Date: Jun 10 2008
Severity: high
CVE: 1999-1053
Bugtraq: 776

FortiGuard Center
> Vulnerability Encyclopedia

In-Depth Analysis

Description
This indicates an attempt to exploit a remote command execution vulnerability in the Guestbook software.
The vulnerability is caused by improper sanitization of user input. A malicious user can include Server Side Include (SSI) directives in submitted input to execute arbitrary commands remotely on the vulnerable system.

Impact
System Compromise: Remote attackers can gain control of vulnerable systems.

Affected Products
Matt Wright GuestBook 2.3

References
http://www.securityfocus.com/bid/776
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=1999-1053

Recommended Actions
Currently, we are not aware of any vendor-supplied patch for this issue. We recommend disabling SSI server extensions as a temporary solution.
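
The following is an added example, not FortiGuard's signature or Guestbook's own code: it flags SSI directives in URL-encoded form submissions and shows output escaping that keeps a directive from reaching the stored guestbook page. The field names and request bodies are constructed for illustration.

```python
import html
import re
from urllib.parse import parse_qsl

# Start of an SSI directive: "<!--#" plus the directive name. Deliberately
# looser than a server's SSI parser (tolerates whitespace) and anchored only on
# the opening, so it does not depend on how the directive is closed.
SSI_OPEN = re.compile(r"<!--\s*#\s*([A-Za-z]+)")


def find_ssi(form_body):
    """Return (field, directive) pairs for SSI directives in a urlencoded body."""
    hits = []
    # parse_qsl undoes percent-encoding and '+', so encoded directives are seen.
    for field, value in parse_qsl(form_body, keep_blank_values=True):
        for match in SSI_OPEN.finditer(value):
            hits.append((field, match.group(1).lower()))
    return hits


def neutralize(value):
    """HTML-escape a field before it is written into the guestbook page."""
    # With '<' and '>' encoded, no "<!--#" sequence reaches the stored HTML.
    return html.escape(value, quote=True)


# Constructed request bodies; field names and values are illustrative only.
SAMPLES = [
    "realname=Alice&comments=Nice+site%21",
    "realname=Bob&comments=%3C%21--%23exec+cmd%3D%22CONSTRUCTED%22--%3E",
    "realname=%3C%21--+%23INCLUDE+virtual%3D%22CONSTRUCTED%22+--%3EEve&comments=hi",
]

if __name__ == "__main__":
    for body in SAMPLES:
        hits = find_ssi(body)
        print("ALERT" if hits else "ok   ", hits)
        for field, value in parse_qsl(body):
            print("   stored:", field, "=", neutralize(value))
```

Escaping at write time complements the recommended action above: with SSI disabled the directive is never interpreted, and with escaping it never appears in the page as markup.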