Vulnerability: mnogosearch-3.1.19 and prior

A qitest1 security advisory warns that a bug has been detected in the SQL-based web search engine mnoGoSearch, which remote attackers could abuse to execute code with web server privileges.

When the search engine receives an overly long query string in the q variable (http://127.0.0.1/cgi-bin/search.cgi?q=query), search.cgi segfaults. The bug lies in the mismanagement of heap-allocated memory.

More information and a work-around are available on the qitest1 website: http://qitest1.0xfee1dead.net/
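
A log check for the condition described above, as an added example (not code from the qitest1 advisory or the mnoGoSearch project): it flags requests to search.cgi whose decoded q parameter exceeds a size limit. The 512-byte limit, the Common Log Format input and the sample lines are assumptions, since the advisory as quoted here gives no exact length.

```python
import re
from urllib.parse import urlsplit, unquote_to_bytes

# Assumed limit: the advisory text gives no exact length, so choose a value
# well above any legitimate search phrase on your site.
MAX_Q_LEN = 512

# Common Log Format: client, ident, user, [time], "METHOD target PROTO", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3})')

def q_values(query):
    """Yield each decoded value of the q parameter as raw bytes."""
    for pair in query.split("&"):
        name, _, value = pair.partition("=")
        if unquote_to_bytes(name) == b"q":
            yield unquote_to_bytes(value.replace("+", " "))

def oversized_queries(lines, script="search.cgi", limit=MAX_Q_LEN):
    """Return (client, q_length, status) for each request to `script`
    whose decoded q value is longer than `limit` bytes."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a parsable access-log line
        client, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/" + script):
            continue  # some other resource that happens to take q=
        for value in q_values(url.query):
            if len(value) > limit:
                hits.append((client, len(value), int(status)))
    return hits

# Constructed sample lines (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2002:10:00:00 +0000] "GET /cgi-bin/search.cgi?q=linux+kernel HTTP/1.0" 200 5120',
    '192.0.2.77 - - [01/Jan/2002:10:00:05 +0000] "GET /cgi-bin/search.cgi?q=' + "A" * 2000 + ' HTTP/1.0" 500 612',
    '192.0.2.10 - - [01/Jan/2002:10:00:09 +0000] "GET /index.html?q=' + "B" * 2000 + ' HTTP/1.0" 200 100',
]

if __name__ == "__main__":
    for client, length, status in oversized_queries(SAMPLE_LOG):
        # A 5xx status next to an oversized q suggests the CGI died mid-request.
        note = "CGI error" if status >= 500 else "served"
        print(f"{client}: q is {length} bytes, HTTP {status} ({note})")
```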
