Steve Grimm: >> Un-Cgi Security Vulnerabilities
Un-CGI 1.9 and earlier does not verify that a CGI script has the execution bits set before executing it, which allows remote attackers to execute arbitrary commands by directing Un-CGI to a document that begins with "#!" and the desired program name.
CVSS Score
7.5
EPSS Score
0.03
Published
2001-07-17
Directory traversal vulnerability in Un-CGI 1.9 and earlier allows remote attackers to execute arbitrary code via a .. (dot dot) in an HTML form.
CVSS Score
7.5
EPSS Score
0.048
Published
2001-07-17