Cgi Script Center: >> Auction Weaver >> 1.03 Security Vulnerabilities
Auction Weaver 1.0 through 1.04 does not properly validate the names of form fields, which allows remote attackers to delete arbitrary files and directories via a .. (dot dot) attack.
CVSS Score
7.5
EPSS Score
0.006
Published
2000-12-19
Auction Weaver 1.0 through 1.04 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the username or bidfile form fields.
CVSS Score
5.0
EPSS Score
0.007
Published
2000-12-19