Intrusion Prevention

CGI.Simplestguest.Command.Execution

Description

This indicates an attempt to execute potentially malicious commands via the simplestguest.cgi program.


The simplestguest.cgi CGI program by Leif Wright is designed to coordinate guestbook submissions from website visitors. Due to inadequate user input checking, a remote attacker can execute arbitrary commands on a target system via shell metacharacters in the guestbook parameter.

Affected Products

Any unprotected Leif M. Wright simplestguest.cgi 2.0 is vulnerable to the attack.

Impact

Attackers can execute arbitrary commands on the victim system.

Recommended Actions

Apply appropriate patches or Upgrade the system to the latest non-vulnerable version.

CVE References

CVE-2001-0022