Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
CGIscript.net csMailto.cgi program allows remote attackers to use csMailto as a "spam proxy" and send mail to arbitrary users via modified (1) form-to, (2) form-from, and (3) form-results parameters.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
CGIScript.NET csMailto隐藏表单字段远程命令可执行漏洞
Vulnerability Description
CGIScript.NET csMailto是一款设计支持多个Mailto:表单的PERL脚本代码。 CGIScript.NET csMailto在处理隐藏表单值时存在问题,可导致攻击者以httpd进程的权限在目标系统上执行任意命令。 脚本把所有配置数据存储在隐藏表单中,远程攻击者可以通过更改这些配置数据,导致任意命令以httpd进程的权限在目标系统上执行。 脚本没有对所有引用进行检查,只检查了你发送的引用中是否存在服务器主机名,如 http://host.com/cgi-script/CSMailto/
CVSS Information
N/A
Vulnerability Type
N/A