Vulnerability: mnogosearch-3.1.19 and prior

qitest1 security advisory warns a bug has been detected in the SQL based web search engine mnoGoSearch, which could be abused by remote attackers to execute code with web server privileges.

When the search engine receives a too long query string (q var), search.cgi segfaults (http://127.0.0.1/cgi-bin/search.cgi?q=query). The bug resides in a bad management of heap-allocated memory.

More information and a work-around are available on the qitest1 website: http://qitest1.0xfee1dead.net/

Join the newsletter!

Error: Please check your email address.

More about CGI

Show Comments

Market Place