CVE-2003-0398 | Vulnerability Database | Aqua Security

Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, with the SSI EXEC feature enabled, allows remote attackers to execute arbitrary code via a text variable to a Vignette Application that is later displayed.

Affected Software

Name	Vendor	Start Version	End Version
Content_suite	Vignette	6.0 (including)	6.0 (including)
Content_suite	Vignette	7.0 (including)	7.0 (including)
Storyserver	Vignette	4.0 (including)	4.0 (including)
Storyserver	Vignette	4.1 (including)	4.1 (including)
Storyserver	Vignette	5.0 (including)	5.0 (including)
Vignette	Vignette	5.0 (including)	5.0 (including)

References

http://marc.info/?l=bugtraq\u0026m=105405734223874\u0026w=2
http://www.iss.net/security_center/static/12077.php
http://www.s21sec.com/es/avisos/s21sec-016-en.txt
http://www.securityfocus.com/bid/7685
http://marc.info/?l=bugtraq\u0026m=105405734223874\u0026w=2
http://www.iss.net/security_center/static/12077.php
http://www.s21sec.com/es/avisos/s21sec-016-en.txt
http://www.securityfocus.com/bid/7685

NVD	https://nvd.nist.gov/vuln/detail/CVE-2003-0398
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html