CVE-1999-1053

guestbook.pl cleanses user-inserted SSI commands by removing text between "" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "–>".

Date published : 2001-09-12

http://www.securityfocus.com/bid/776

http://www.securityfocus.com/archive/1/33674