Web-Passwd-0.03

Security Advisories (1)

CVE-2026-8500 (2026-05-13)

Web::Passwd versions through 0.03 for Perl is vulnerable to RCE. Web::Passwd is a small CGI application for managing htpasswd files using the htpasswd command. The user parameter is not validated or escaped, and is used as the last argument on the command line, allowing for command injection.

https://metacpan.org/release/EVANK/Web-Passwd-0.03
https://httpd.apache.org/docs/current/programs/htpasswd.html

Changes for version 0.03 - 2007-02-07

Added Build.PL for systems without a make utility Added 'form_method' configuration directive Replaced $Config package variable with lexical variable Fixed minor typos/errors in POD documentation Fixed a permission issue with the distribution (credit to Mark Stosberg)

Modules

Web::Passwd

Web-based htpasswd Management

Examples

example/custom.pl
example/default.conf
example/default.pl
example/templates/index.tmpl
example/templates/status.tmpl
example/templates/view.tmpl

Other files

Build.PL
Changes
MANIFEST
META.yml
Makefile.PL
README
TODO

To install Web::Passwd, copy and paste the appropriate command in to your terminal.

cpanm

cpanm Web::Passwd

CPAN shell

perl -MCPAN -e shell
install Web::Passwd

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	Go to GitHub issues (only if GitHub is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)

Changes for version 0.03 - 2007-02-07

Modules

Examples

Other files

Module Install Instructions

Keyboard Shortcuts