ALERT : Widespread CGI Vulnerability grants administrator status
qDefense has released an advisory concerning CGI's that notes that
they are vulnerable to a remote flat file database manipulation
vulnerability, possibly giving malicious users CGI administrator
status and, thus, read/write/execute privileges.
The problem apparently lies in a failure to validate input. According
to the qDense advisory, numerous CGI's store data, including
passwords, in a flat file database, using special characters as field
and row delimiters. Those which allow multiple users to log on, and