CGI Generic Command Execution Error


I have put few websites that are hosted on Cloudflare for PCI compliance scans and seems like it throws an error which says CGI Generic Command Execution (Blind). Do we have any fix for this on Cloudflare?

Best Regards

Do you have any more information about the error?

That doesn’t sound like a Cloudflare one.

CGI Generic SQL Injection (blind, time based)


A CGI application hosted on the remote web server is potentially prone to SQL injection attack.


By sending specially crafted parameters to one or more CGI scripts hosted on the remote web server, SecurityMetrics was able to get a slower response, which suggests that it may have been able to modify the behavior of the application and directly access the underlying database. An attacker may be able to exploit this issue to bypass authentication, read confidential data, modify the remote database, or even take control of the remote operating system. See also : The Web Application Security Consortium / SQL Injection

this was the scan result

This doesn’t seem Cloudflare related?

Unless you’re trying to say that you have the WAF enabled and it should be stopping any SQLi tests?

The WAF is disabled .

Before adding the workers on two domains there was no specific error related to this CGI