MidnightBSD

Advisories for coder-world

CVE-2006-1831 HIGH

Direct static code injection vulnerability in sysinfo.cgi in sysinfo 1.21 and possibly other versions before 2.25 allows remote attackers to execute arbitrary commands via a leading ; (semicolon) in the name parameter in a systemdoc action, which is injected into phpinfo.php.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
coder-world sysinfo 1.21
CVE-2006-1832 MEDIUM

sysinfo.cgi in sysinfo 1.21 allows remote attackers to obtain the installation path via the debugger action.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
coder-world sysinfo 1.21