CVE-2001-1130

CVSS 7.5 - HIGH

Description

Sdbsearch.cgi in SuSE Linux 6.0-7.2 could allow remote attackers to execute arbitrary commands by uploading a keylist.txt file that contains filenames with shell metacharacters, then causing the file to be searched using a .. in the HTTP referer (from the HTTP_REFERER variable) to point to the directory that contains the keylist.txt file.

Affected Products

6

Vendor	Product	Version
suse	suse_linux	`6.0`
suse	suse_linux	`6.3`
suse	suse_linux	`6.4`
suse	suse_linux	`7.0`
suse	suse_linux	`7.1`
suse	suse_linux	`7.2`

References

http://www.novell.com/linux/security/advisories/20...

http://www.securityfocus.com/archive/1/201216

https://exchange.xforce.ibmcloud.com/vulnerabiliti...

http://www.novell.com/linux/security/advisories/20...

http://www.securityfocus.com/archive/1/201216

https://exchange.xforce.ibmcloud.com/vulnerabiliti...

Weakness Types

NVD-CWE-Other

CVE Information

CVE ID:: CVE-2001-1130
Published:: 2001-08-02
Modified:: 2026-04-16
CVSS Score:: 7.5
Severity:: HIGH
Vector:: AV:N/AC:L/Au:N/C:P/I:P/A:P

Affected Vendors

suse

Quick Actions

View on NVD Find Similar CVEs

CVSS Severity Scale

0.0 - 3.9 LOW

4.0 - 6.9 MEDIUM

7.0 - 8.9 HIGH

9.0 - 10.0 CRITICAL