2006-09-19 18:00:00
debian
PUBLISHED
Usermin before 1.220 (20060629) allows remote attackers to read arbitrary files, possibly related to chfn/save.cgi not properly handling an empty shell parameter, which results in changing roots shell instead of the shell of a specified user.