blog.cgi in Leif M. Wright Web Blog 1.1 and 1.1.5 allows remote attackers to execute arbitrary commands via shell metacharacters such as | in the file parameter of ViewFile requests.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Web_blog | Leif_m._wright | 1.1 (including) | 1.1 (including) |
Web_blog | Leif_m._wright | 1.1.5 (including) | 1.1.5 (including) |