Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2001-1138
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Directory traversal vulnerability in r.pl (aka r.cgi) of Randy Parker Power Up HTML 0.8033beta allows remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the FILE parameter.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Power Up HTML 目录遍历导致文件泄漏或代码执行
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
CVE(CAN) ID: CAN-2001-1138 Power Up HTML是一系列类似HTML的命令,它们可以放在web页面中扩展HTML编程的能力。 然而Power Up HTML所包含的一个CGI程序r.cgi存在一个目录遍历漏洞,它没有检查用户 输入数据中是否包含"../"或者shell元字符等特殊字符,就将将其交给了一个open调用。 这导致攻击者可以以web服务器运行权限查看任意文件以及执行任意命令。 有问题的部分在下列代码中: if ( open(FILE, "$in{BFDIR}/$i
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
-n/a n/a -
II. Public POCs for CVE-2001-1138
#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2001-1138
Please Login to view more intelligence information
New Vulnerabilities
Product: n/a
Vendor: n/a
V. Comments for CVE-2001-1138

No comments yet

Leave a comment