CVE-2004-1263 Information

Description

changepassword.cgi in ChangePassword 0.8 when installed setuid allows local users to execute arbitrary code by modifying the PATH environment variable to point to a malicious \make\ program.

Reference

http://tigger.uic.edu/~jlongs2/holes/changepassword.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/18593