Info

Disclosure

May 03, 2003

Discovery

Apr 26, 2003

Dates

Exploit

Unknown

Solution

Unknown

Description

Happymall contains a flaw that may allow a malicious user to run arbitrary commands on the web server. The issue is triggered when an attacker uses a specially crafted URL. It is possible that the flaw may allow arbitrary code execution resulting in a loss of confidentiality, integrity, and/or availability.

Classification

Unknown or Incomplete

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Happycgi.com has released a patch to address this vulnerability.

Products

Happycgi.com	Happymall	4.3
		4.4

References

ISS X-Force ID: 11965
CVE ID: 2003-0243 (see also: NVD)
Bugtraq ID: 7530
Other Advisory URL: http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0058.html
http://securitytracker.com/alerts/2003/May/1006707.html

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/36218