The CControl::Download function (/dl URI) in Winamp Web Interface (Wawi) 7.5.13 and previous versions allows remote authenticated users to download arbitrary file types under the root via a trailing "." (dot) in a filename in the file parameter, related to erroneous behavior of the IsWinampFile function.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
flippet.org winamp web interface |
||
flippet.org winamp web interface 7.5.11 |
||
flippet.org winamp web interface 7.5.9 |