|
Family: CGI abuses --> Category: infos
BulletScript MailList bsml.pl Information Disclosure Vulnerability Scan
Vulnerability Scan Summary Determine if MiniBB can be used to execute arbitrary commands
Detailed Explanation for this Vulnerability Test
The remote host is using BulletScript's bsml.pl, the web interface to a mailing
list manager.
The lack of authentication in this CGI may allow a possible hacker to gain
control on the email addresses database of the remote mailing list. A possible hacker
may use it to add or remove an e-mail address or to gather the list of
subscribers to the remote mailing list for spam purposes.
Solution: Disable this CGI
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|