CGI Exec

The scan engine caused a CGI program to execute an arbitrary command. If a CGI program can be tricked into echoing back characters, it can potentially be exploited to execute other commands that pose a security risk.

Risk: High

Fix: Remove the offending program if possible. Otherwise, disable the program until the bug can be diagnosed and fixed. Make sure that CGI programs do not pass unchecked user input to a shell for execution.
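The last point of the fix, shown as an added example that is not part of the original check description: a CGI-style handler that passes a query parameter to a shell, next to a version that validates the value and runs the command without a shell. The handler names, the `name` parameter, the allowlist pattern and the sample query string are all assumptions made for illustration.

```python
import re
import subprocess
from urllib.parse import parse_qs

# Constructed QUERY_STRING: the "name" value carries a shell metacharacter (";").
SAMPLE_QUERY = "name=alice%3B+echo+INJECTED"

# Allowlist (assumed policy): short names, must start with a letter or digit.
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]{0,31}")


def get_param(query_string, key):
    """Return the first decoded value of a query-string parameter, or ''."""
    return parse_qs(query_string).get(key, [""])[0]


def greet_unsafe(query_string):
    """Weak pattern: unchecked input is interpolated into a shell command line."""
    name = get_param(query_string, "name")
    proc = subprocess.run("echo Hello " + name, shell=True,
                          capture_output=True, text=True)
    return proc.stdout


def greet_safe(query_string):
    """Hardened: validate against the allowlist, then exec with an argv list."""
    name = get_param(query_string, "name")
    if not NAME_RE.fullmatch(name):
        return None  # reject; a real CGI program would answer 400 Bad Request
    proc = subprocess.run(["echo", "Hello", name],  # no shell parses the value
                          capture_output=True, text=True)
    return proc.stdout


if __name__ == "__main__":
    print("unsafe:", repr(greet_unsafe(SAMPLE_QUERY)))
    print("safe:  ", repr(greet_safe(SAMPLE_QUERY)))
    print("safe:  ", repr(greet_safe("name=alice")))
```

In the unsafe handler the shell treats the text after `;` as a second command, so its output appears as an extra line; the hardened handler rejects the same request before anything is executed.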