CGI.CSVForm.Arbitrary.Command.Execution

description-logoDescription

It indicates an attacker attempted to exploit a bug in CVSForm and execute unauthorized commmands. CSVForm is a Perl cgi used to format cgi input into a comma separated text file. The script fails to properly validate user supplied input given as the file to open. A malicious attacker can leverage this to execute script commands against the system.

affected-products-logoAffected Products

Mutasem Abudahab CSVFormPlus 1.0 and Mutasem Abudahab CSVForm 0.1

Impact logoImpact

Compromise of the affected system.

recomended-action-logoRecommended Actions

Apply appropriate patch from the vendor or Upgrade to non-vulnerable version if available.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)