CGIScript.net csPassword.cgi leaks sensitive information such as the pathname of the server in debug messages that are presented when the script fails, which allows remote attackers to obtain the information via a "remove" option in the command parameter, which generates an error.

Threat-Mapped Scoring

Score: 3.0

Priority: P2 - Serious (High)

• S1 – Steal Customer Account Information

EPSS

Score: 0.08581
Percentile: 0.91992

CVSS Scoring

Affected Products

• cpe:2.3:a:cgiscript.net:cspassword:1.0:*:*:*:*:*:*:*

← Back to Home