2000-09-21 04:00:00
mitre
PUBLISHED
Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack in the fromfile parameter.