Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The escape_dangerous_chars function in CGI::Lite 2.0 and earlier does not correctly remove special characters including (1) "\" (backslash), (2) "?", (3) "~" (tilde), (4) "^" (carat), (5) newline, or (6) carriage return, which could allow remote attackers to read or write arbitrary files, or execute arbitrary commands, in shell scripts that rely on CGI::Lite to filter such dangerous inputs.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
CGI Lite Perl模块元字符输入验证漏洞
Vulnerability Description
CGI::Lite Perl模块可以用来处理'multipart form'形式的资料(即上传)。 CGI::Lite Perl模块中的escape_dangerous_chars()函数不正确过滤用户提交的恶意字符,远程攻击者可以利用这个漏洞以CGI程序权限在系统上执行任意命令。 CGI::Lite::escape_dangerous_chars()函数没有正确过滤所有危险的字符,如'\ ? ~ ^ \n \r',结果可导致外部提供的输入由于没有进行充分过滤,直接用于其他Perl函数,可以导致以CGI权
CVSS Information
N/A
Vulnerability Type
N/A