Cgi Script Center: >> Auction Weaver Security Vulnerabilities
Auction Weaver 1.0 through 1.04 does not properly validate the names of form fields, which allows remote attackers to delete arbitrary files and directories via a .. (dot dot) attack.
CVSS Score
7.5
EPSS Score
0.006
Published
2000-12-19
Auction Weaver 1.0 through 1.04 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the username or bidfile form fields.
CVSS Score
5.0
EPSS Score
0.007
Published
2000-12-19
Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack in the fromfile parameter.
CVSS Score
5.0
EPSS Score
0.007
Published
2000-10-20
Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack in the catdir parameter.
CVSS Score
10.0
EPSS Score
0.01
Published
2000-10-20
Auction Weaver CGI script 1.02 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the fromfile parameter.
CVSS Score
10.0
EPSS Score
0.054
Published
2000-10-20