AHG.Search.Command.Execution
Description
It indicates an attempt to execute a malicious command on AHG Search Engine.
HTMLsearch Search Engine software distributed by AHG by default is accessable via publisher/search.cgi. Due to insufficuient input sanitization, an attacker can execute arbitrary command on a target system by sending it a specially-crafted URL.
Affected Products
Any unprotected AHG HTMLSearch 1.0 is vulnerable.
Impact
Attackers can execute arbitrary commands on the victim system.
Recommended Actions
Upgrade the search engine to the latest non-vulnerable version.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |