CVE-2001-1130

Published: Aug 2, 2001Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Sdbsearch.cgi in SuSE Linux 6.0-7.2 could allow remote attackers to execute arbitrary commands by uploading a keylist.txt file that contains filenames with shell metacharacters, then causing the file to be searched using a .. in the HTTP referer (from the HTTP_REFERER variable) to point to the directory that contains the keylist.txt file.

Affected (6)

Products: Suse: Suse Linux

Suse

1 product

Suse Linux

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Suse Suse Linux	Version 6.0
Suse Suse Linux	Version 6.3
Suse Suse Linux	Version 6.4
Suse Suse Linux	Version 7.0
Suse Suse Linux	Version 7.1
Suse Suse Linux	Version 7.2

References (6)

http://www.novell.com/linux/security/advisories/2001_027_sdb_txt.html

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/201216

Source: cve@mitre.org

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/7003

Source: cve@mitre.org

http://www.novell.com/linux/security/advisories/2001_027_sdb_txt.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/201216

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/7003

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.