"There are a couple of scripts from bsScripts that
have holes in them because the author did not filter out ; from the form
input. The scripts that this affects is bsguest (a guestbook script) and
bslist (a mailing list script). The hole allows anyone to execute
commands on the server. The author has been informed and the holes
are now patched in the latest release." More at HelpNet Security.
December 21, 2000