| VID | 21195 |
| Severity | 40 |
| Port | 80 |
| Protocol | TCP |
| Class | CGI |
| Detailed Description | MiniVend is a free, Perl-based web shopping cart system for Unix systems. An insecure open() call in the MiniVend UTIL.PM module could allow remote attackers to execute arbitrary commands, if they have access to the VIEW_PAGE.HTML sample file. This vulnerability affects users who have installed the "simple" catalog that ships with MiniVend as a sample. |
| References | http://www.iss.net/security_center/static/4880.php http://www.minivend.com/iri/mvend.html |
| Recommendation | It is recommended that sample pages be removed from all production Web servers. Deleting the VIEW_PAGE.HTML file from your server is sufficient to remove this particular vulnerability until an official patch can be released. |
| Related URL | CVE-2000-0635 (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | (ISS) |