FAQManager Arbitrary File Reading Vulnerability Network Vulnerability

Summary

FAQManager is a Perl-based CGI for maintaining a list of Frequently asked Questions. Due to poor input validation it is possible to use this CGI to view arbitrary files on the web server. For example: http://www.someserver.com/cgi-bin/faqmanager.cgi?toc=/etc/passwd%00

Solution

A new version of FAQManager is available at: www.fourteenminutes.com/code/faqmanager/

Severity

Classification

CVE CVE-2002-2033

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Advanced Image Hosting Cross Site Scripting Vulnerability
Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
12Planet Chat Server one2planet.infolet.InfoServlet XSS
Apache Web Server ETag Header Information Disclosure Weakness
Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability

Take action and discover your vulnerabilities