5
CVE-2003-1365
- EPSS 1.89%
- Veröffentlicht 31.12.2003 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:04:01
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The escape_dangerous_chars function in CGI::Lite 2.0 and earlier does not correctly remove special characters including (1) "\" (backslash), (2) "?", (3) "~" (tilde), (4) "^" (carat), (5) newline, or (6) carriage return, which could allow remote attackers to read or write arbitrary files, or execute arbitrary commands, in shell scripts that rely on CGI::Lite to filter such dangerous inputs.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.89% | 0.769 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0065.html
http://search.cpan.org/~smylers/CGI-Lite-2.02/Lite.pm
http://securityreason.com/securityalert/3237
http://use.perl.org/~cbrooks/journal/10542
http://www.securityfocus.com/archive/1/311414
http://www.securityfocus.com/bid/6833
https://exchange.xforce.ibmcloud.com/vulnerabilities/11308