CVE-2004-1263

Description

changepassword.cgi in ChangePassword 0.8, when installed setuid, allows local users to execute arbitrary code by modifying the PATH environment variable to point to a malicious "make" program.

CVSS Version 2.0

nvd
CVE ID: CVE-2004-1263
Base Score: 7.2
Base Severity: HIGH
Vector String:AV:L/AC:L/Au:N/C:C/I:C/A:C

Refrence: NVD

Description​

Description