CVE-2000-0188

CVSS 2.0 Score 7.5 of 10 (high)

Details

Published Feb 27, 2000

Updated: Nov 20, 2024

Summary

CVE-2000-0188 is a vulnerability affecting the EZShopper 3.0 search.cgi CGI script. This issue allows remote attackers to read arbitrary files by exploiting a ".. (dot dot)" attack in the script. Additionally, attackers can execute commands using shell metacharacters, posing a significant security risk. The vulnerability could result in unauthorized access to sensitive data or system compromise. Users are advised to update to a secure version of the script or implement appropriate access controls to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/NWlWxy
https://www.cve.org/CVERecord?id=CVE-2000-0188
https://nvd.nist.gov/vuln/detail/CVE-2000-0188

Back to Vulnerability Database

CVE-2000-0188

CVSS 2.0 Score 7.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations