Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Internet Information Services Other Vulnerability (CVE-2002-1180)

Description

A typographical error in the script source access permissions for Internet Information Server (IIS) 5.0 does not properly exclude .COM files, which allows attackers with only write permissions to upload malicious .COM files, aka "Script Source Access Vulnerability."

Remediation

References

Related Vulnerabilities

WordPress Plugin Email Subscribers by Icegram Express-Email Marketing, Newsletters, Automation for WordPress & WooCommerce Cross-Site Scripting (5.7.15)

WordPress Plugin Easy Testimonials Cross-Site Scripting (3.0.4)

WordPress Plugin Visual Website Collaboration, Feedback & Project Management-Atarim Cross-Site Scripting (3.30)

WordPress Plugin Contact Form to DB by BestWebSoft-Messages Database For WordPress SQL Injection (1.7.2)

WordPress Plugin Super Refer A Friend Information Disclosure (1.0)

Severity

High

Classification

CVE-2002-1180

Tags

Missing Update Known Vulnerabilities