The CControl::Download function (/dl URI) in Winamp Web Interface (Wawi) 7.5.13 and earlier allows remote authenticated users to download arbitrary file types under the root via a trailing "." (dot) in a filename in the file parameter, related to erroneous behavior of the IsWinampFile function.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2006-12-14 01:28
Updated : 2024-02-28 11:01
NVD link : CVE-2006-6513
Mitre link : CVE-2006-6513
CVE.ORG link : CVE-2006-6513
JSON object : View
Products Affected
flippet.org
- winamp_web_interface
CWE