Intrusion Prevention

Bslist.RemoteCommandExecution

Description

It indicates an attempt to execute potentially malicious command via bslist.cgi program.


Due to insufficient input validation, a remote attacker can execute arbitrary commands on a victim system via specially-crafted email address.

Affected Products

Any unprotected Brian Stanback bslist.cgi 1.0 is vulnerable to the attack.

Impact

Attackers can run arbitrary shell commands with the privilege level of the web server.

Recommended Actions

Upgrade the script to the latest non-vulnerable version.


CVE References

CVE-2001-0100