AHG.Search.Command.Execution

description-logoDescription

It indicates an attempt to execute a malicious command on AHG Search Engine.


HTMLsearch Search Engine software distributed by AHG by default is accessable via publisher/search.cgi. Due to insufficuient input sanitization, an attacker can execute arbitrary command on a target system by sending it a specially-crafted URL.


affected-products-logoAffected Products

Any unprotected AHG HTMLSearch 1.0 is vulnerable.

Impact logoImpact

Attackers can execute arbitrary commands on the victim system.

recomended-action-logoRecommended Actions

Upgrade the search engine to the latest non-vulnerable version.


Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

References

1