The textcounter.pl script is a Perl script used by some older web applications to display counter values. This vulnerability allows remote attackers to execute arbitrary commands via shell metacharacters, potentially leading to unauthorized access and data tampering.
You're affected if you use the original "textcounter.pl" script from Matt Wright's website. If you don't recognise this, you're probably not affected. Version info: Not specified in the advisory.
Contact Matt Wright directly for a patched version - there's no public patch link in the advisory.
Immediate mitigations:
- Restrict access to your textcounter.pl script (firewall it from the public internet)
- Audit server logs for suspicious activity patterns
- Monitor for unauthorized command execution