CVE-2001-1130

critical

Description

Sdbsearch.cgi in SuSE Linux 6.0-7.2 could allow remote attackers to execute arbitrary commands by uploading a keylist.txt file that contains filenames with shell metacharacters, and then using a .. sequence in the HTTP Referer header (read from the HTTP_REFERER variable) to make the script search the directory that contains the uploaded keylist.txt file.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/7003

http://www.securityfocus.com/archive/1/201216

http://www.novell.com/linux/security/advisories/2001_027_sdb_txt.html

Details

Source: Mitre, NVD

Published: 2001-08-02

Updated: 2017-10-10

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical