Description
Auction Weaver CGI script 1.02 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the fromfile parameter.
Affected products
- cgi_script_center / auction_weaver1.0 – 1.0
- cgi_script_center / auction_weaver1.02 – 1.02