Описание
Absolute path traversal vulnerability in convert.cgi in Quirex 2.0.2 and earlier allows remote attackers to read arbitrary files, and possibly execute arbitrary code, via the (1) quiz_head, (2) quiz_foot, and (3) template variables.
Absolute path traversal vulnerability in convert.cgi in Quirex 2.0.2 and earlier allows remote attackers to read arbitrary files, and possibly execute arbitrary code, via the (1) quiz_head, (2) quiz_foot, and (3) template variables.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2006-0795
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24672
- http://evuln.com/vulns/78/summary.html
- http://secunia.com/advisories/18926
- http://www.securityfocus.com/archive/1/426188/100/0/threaded
- http://www.securityfocus.com/bid/16709
- http://www.vupen.com/english/advisories/2006/0641
Связанные уязвимости
nvd
почти 20 лет назад
Absolute path traversal vulnerability in convert.cgi in Quirex 2.0.2 and earlier allows remote attackers to read arbitrary files, and possibly execute arbitrary code, via the (1) quiz_head, (2) quiz_foot, and (3) template variables.