Un-CGI 1.9 and earlier does not verify that a CGI script has the execution bits set before executing it, which allows remote attackers to execute arbitrary commands by directing Un-CGI to a document that begins with #! and the desired program name.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Un-cgi | Steve_grimm | 1.0 | 1.0 |
Un-cgi | Steve_grimm | 1.1 | 1.1 |
Un-cgi | Steve_grimm | 1.2 | 1.2 |
Un-cgi | Steve_grimm | 1.3 | 1.3 |
Un-cgi | Steve_grimm | 1.4 | 1.4 |
Un-cgi | Steve_grimm | 1.5 | 1.5 |
Un-cgi | Steve_grimm | 1.6 | 1.6 |
Un-cgi | Steve_grimm | 1.6.1 | 1.6.1 |
Un-cgi | Steve_grimm | 1.6.2 | 1.6.2 |
Un-cgi | Steve_grimm | 1.7 | 1.7 |
Un-cgi | Steve_grimm | 1.8 | 1.8 |
Un-cgi | Steve_grimm | 1.9 | 1.9 |