- Home
- CVEs with nessus.description==The remote web server contains the 'nph-test-cgi' test script, which is included by default with some web servers.
The version of this script on the remote host fails to quote input to several environment variables, such as 'QUERY_STRING', before echoing it back as part of a shell script. An unauthenticated attacker can leverage this issue to list the contents of directories on the remote host, subject to the permissions of the web server user id.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top