MakeBook格式字段有效漏洞

漏洞信息详情

MakeBook格式字段有效漏洞

• CNNVD编号：CNNVD-200210-203
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2002-0948
  
• 漏洞类型：
  
  
  输入验证
  
• 发布时间：
  
  2002-10-04
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  scripts_for_educators
• 漏洞来源：
  Discovery of this …

Educators MakeBook 2.2 CGI的脚本存在漏洞。远程攻击者借助(1)Name或者(2)Email像其他访问者一样执行任意脚本或者像web服务器一样执行server-side includes (SSI)。

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com .
Scripts For Educators MakeBook 2.2
@securityfocus.com>

• Scripts For Educators makebook.tar.gz
  
  http://tesol.net/scripts/makebook.tar.gz

来源: XF
名称: makebook-name-field-validation(9356)
链接:http://www.iss.net/security_center/static/9356.php

来源: www.tesol.net
链接:http://www.tesol.net/scriptmail.html

来源: www.linguistic-funland.com
链接:http://www.linguistic-funland.com/scripts/MakeBook/makebook.script

来源: BID
名称: 4996
链接:http://www.securityfocus.com/bid/4996

来源: BUGTRAQ
名称: 20020613 Re: SSI & CSS execution in MakeBook 2.2
链接:http://cert.uni-stuttgart.de/archive/bugtraq/2002/06/msg00135.html

来源: BUGTRAQ
名称: 20020612 SSI & CSS execution in MakeBook 2.2
链接:http://archives.neohapsis.com/archives/bugtraq/2002-06/0094.html