Summary
FAQManager is a Perl-based CGI for maintaining a list of Frequently Asked Questions. Due to poor input validation, it is possible to use this CGI to view arbitrary files on the web server. For example, a request that passes a file path ending in an encoded null byte (%00) in the toc parameter:
http://www.someserver.com/cgi-bin/faqmanager.cgi?toc=/etc/passwd%00
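To check whether a server has already received requests of this shape, the script below scans web access logs for faqmanager.cgi requests whose toc value decodes to a null byte, an absolute path, or a parent-directory segment. It is an added example, not part of the original advisory or of FAQManager; the log lines are constructed, and the combined log format and the three heuristics are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (assumed combined log format), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2002:10:01:22 +0000] "GET /cgi-bin/faqmanager.cgi?toc=general HTTP/1.0" 200 5120
192.0.2.44 - - [12/Mar/2002:10:03:05 +0000] "GET /cgi-bin/faqmanager.cgi?toc=/etc/passwd%00 HTTP/1.0" 200 1843
192.0.2.44 - - [12/Mar/2002:10:03:09 +0000] "GET /cgi-bin/faqmanager.cgi?toc=..%2F..%2Fetc%2Fhosts%00 HTTP/1.0" 200 312
192.0.2.77 - - [12/Mar/2002:10:04:00 +0000] "GET /index.html?toc=/etc/passwd%00 HTTP/1.0" 404 210
"""

# client address, request target, response status
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')


def reasons(value):
    """Return why a percent-decoded toc value looks like a file-read attempt."""
    found = []
    if "\x00" in value:
        found.append("nul-byte")        # %00 cuts off any suffix the CGI appends
    if value.startswith("/"):
        found.append("absolute-path")
    if ".." in value.replace("\\", "/").split("/"):
        found.append("traversal")
    return found


def scan(log_text):
    """Return (client, status, toc_value, reasons) for suspicious faqmanager.cgi hits."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        parts = urlsplit(target)
        if not parts.path.lower().endswith("/faqmanager.cgi"):
            continue
        # parse_qs percent-decodes values, so %00 arrives here as "\x00"
        for value in parse_qs(parts.query, keep_blank_values=True).get("toc", []):
            why = reasons(value)
            if why:
                hits.append((client, int(status), value, why))
    return hits


if __name__ == "__main__":
    for client, status, value, why in scan(SAMPLE_LOG):
        print(client, status, repr(value), ",".join(why))
```

A hit logged with status 200 deserves priority review, since the response size may show whether file contents were returned.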
Solution
A new version of FAQManager is available at:
www.fourteenminutes.com/code/faqmanager/
Severity
Classification
- CVE: CVE-2002-2033
- CVSS Base Score: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- AeroMail Cross Site Request Forgery, HTML Injection and Cross Site Scripting Vulnerabilities
- Apache Struts2 'XWork' Information Disclosure Vulnerability
- appRain CMF 'uploadify.php' Remote Arbitrary File Upload Vulnerability
- 7Media Web Solutions EduTrac Directory Traversal Vulnerability
- 1024 CMS 1.1.0 Beta 'force_download.php' Local File Include Vulnerability