VULHUB ™

w3-msql is a cgi-program shipped with Mini-SQL which acts as a web interface for msql. There are a number of buffer overflow vulnerabilities in it with one proven to be exploitable. The exploitable buffer is the content-length field and the stack is overflowed inside of a scanf() call. As a result, it is possible to execute arbitrary code remotely as the uid of the webserver (usually nobody).

w3-msql is a cgi-program shipped with Mini-SQL which acts as a web interface for msql. There are a number of buffer overflow vulnerabilities in it with one proven to be exploitable. The exploitable buffer is the content-length field and the stack is overflowed inside of a scanf() call. As a result, it is possible to execute arbitrary code remotely as the uid of the webserver (usually nobody).