Dispair 0.1/0.2 - Remote Command Execution

Author: anonymous
type: webapps
platform: cgi
port: nan
date_added: 2002-07-30 
date_updated: 2012-10-03 
verified: 1 
codes: CVE-2002-1868;OSVDB-59656 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/5392/info

Dispair fails to sufficiently validate user-supplied input before it is passed to the shell via the Perl open() function. Remote attackers may potentially exploit this issue to execute arbitrary commands on the underlying shell with the privileges of the webserver process.

http://target/cgi-bin/dispair.cgi?file=fiddle&view=%0A/usr/bin/id