Intrusion Prevention

CGI.CSVForm.Arbitrary.Command.Execution

Description

This indicates that an attacker attempted to exploit a bug in CSVForm and execute unauthorized commands. CSVForm is a Perl CGI script used to format CGI input into a comma-separated text file. The script fails to properly validate user-supplied input given as the file to open. An attacker can leverage this to execute script commands against the system.
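For anyone maintaining a similar Perl CGI, the following added example (not CSVForm's code and not the vendor's patch) shows one way to validate a user-supplied file name before it is opened. The data directory, function names, and sample inputs are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Spec;

# Hypothetical data directory; not taken from CSVForm.
my $DATA_DIR = '/var/www/data';

# Return a path inside $DATA_DIR for an acceptable file name, or undef.
sub safe_csv_path {
    my ($name) = @_;
    return unless defined $name;
    # Allowlist: a bare base name of letters, digits, '_' or '-' ending in
    # ".csv". Path separators, "..", whitespace, NUL bytes and characters
    # that a shell or Perl's two-argument open treats specially never match.
    # \A and \z anchor the whole string, so a trailing newline is rejected too.
    return unless $name =~ /\A([A-Za-z0-9_-]{1,64}\.csv)\z/;
    return File::Spec->catfile($DATA_DIR, $1);
}

# Append one CSV record to the validated file. Returns 1 on success, 0 otherwise.
sub append_record {
    my ($name, @fields) = @_;
    my $path = safe_csv_path($name) or return 0;
    # Three-argument open: the mode is a fixed literal, so the path is only
    # ever treated as a file name, never as a mode prefix or a command.
    open(my $fh, '>>', $path) or return 0;
    my $line = join ',', map {
        my $f = $_ // '';
        $f =~ s/[\r\n]+/ /g;    # keep each record on a single line
        $f =~ s/"/""/g;         # escape embedded quotes
        qq("$f");
    } @fields;
    print {$fh} "$line\n";
    close($fh) or return 0;
    return 1;
}

# Constructed sample inputs: only the first one is accepted.
for my $candidate ('orders.csv', '../orders.csv', 'orders.csv;x', 'orders csv') {
    my $verdict = defined(safe_csv_path($candidate)) ? 'accepted' : 'rejected';
    printf "%-14s => %s\n", $candidate, $verdict;
}
```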

Affected Products

Mutasem Abudahab CSVFormPlus 1.0 and Mutasem Abudahab CSVForm 0.1

Impact

Compromise of the affected system.

Recommended Actions

Apply the appropriate patch from the vendor or upgrade to a non-vulnerable version, if available.

CVE References

CVE-2001-1187