Web::Passwd Perl CGI Application Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability exists in Web::Passwd versions through 0.03 for Perl. This small CGI application manages htpasswd files using the htpasswd command. The vulnerability arises because the user parameter is not properly validated or escaped, allowing for command injection by injecting malicious commands that are executed on the server.

Impact

Exploitation of this vulnerability allows for remote code execution on the server where the vulnerable Web::Passwd application is running.

Added: May 13, 2026, 11:19 PM

Updated: May 13, 2026, 11:19 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

6.6

remediation

0.0

relevance

8.2

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

6.6

remediation

0.0

relevance

8.2

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Web::Passwd Perl CGI Application Remote Code Execution Vulnerability

Vulnerability

Impact

Affected Products

EVANK Web::Passwd

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating