Auction Weaver 1.0 up to and including 1.04 does not properly validate the names of form fields, which allows remote malicious users to delete arbitrary files and directories via a .. (dot dot) attack.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cgi script center auction weaver 1.03 |
||
cgi script center auction weaver 1.04 |
||
cgi script center auction weaver 1.0 |
||
cgi script center auction weaver 1.01 |
||
cgi script center auction weaver 1.02 |