2003-03-18 05:00:00
mitre
PUBLISHED
admbrowse.php in FUDforum before 2.2.0 allows remote attackers to create or delete files via URL-encoded pathnames in the cur and dest parameters.