Users login

Create an account »


Users login

Home » Hacking News » CSNews Professional Remote Command Execution Vulnerability

CSNews Professional Remote Command Execution Vulnerability

by Nikola Strahija on April 10th, 2002 csNews Professional is a script for managing news items on a website. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems.

csNews Professional is prone to an issue which may enable an attacker to execute Perl code with the privileges of the webserver process.

For exploitation to be successful, the attacker must pass properly URL encoded Perl code in CGI parameters via a web request. For example:


Remote: Yes

Exploit: This vulnerability may be exploited with a web browser.

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »