CVE-2006-0628 Information

Description

myquiz.pl in Dale Ray MyQuiz 1.01 allows remote attackers to execute arbitrary commands via shell metacharacters in the URL which are not properly handled as part of the PATH_INFO environment variable.

Reference

http://attrition.org/pipermail/vim/2006-February/000537.html http://secunia.com/advisories/18737 http://securityreason.com/securityalert/409 http://www.corantodemo.net/coranto/viewnews.cgi?id=EpApAAAVkyirPGThSf&style=dldetails http://www.evuln.com/vulns/57/summary.html http://www.osvdb.org/22925 http://www.securityfocus.com/archive/1/423921/100/0/threaded http://www.securityfocus.com/archive/1/424266/100/0/threaded http://www.vupen.com/english/advisories/2006/0443 https://exchange.xforce.ibmcloud.com/vulnerabilities/24501