Auction Weaver 1.0 up to and including 1.04 allows remote malicious users to read arbitrary files via a .. (dot dot) attack on the username or bidfile form fields.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cgi script center auction weaver 1.03 |
||
cgi script center auction weaver 1.04 |
||
cgi script center auction weaver 1.0 |
||
cgi script center auction weaver 1.01 |
||
cgi script center auction weaver 1.02 |