Auction Weaver 1.0 through 1.04 does not properly validate the names of form fields, which allows remote attackers to delete arbitrary files and directories via a .. (dot dot) attack.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2000-12-19 05:00
Updated : 2024-02-28 10:24
NVD link : CVE-2000-0810
Mitre link : CVE-2000-0810
CVE.ORG link : CVE-2000-0810
JSON object : View
Products Affected
cgi_script_center
- auction_weaver
CWE