CVE-2002-0923

Description

CGIScript.net csNews.cgi allows remote authenticated users to read arbitrary files, and possibly gain privileges, via the (1) pheader or (2) pfooter parameters in the "Advanced Settings" capability.

Affected products

• cgiscript.net / csnews1.0 – 1.0
• cgiscript.net / csnews1.0_professional – 1.0_professional

References

• MISChttp://www.iss.net/security_center/static/9333.php
• MISChttp://www.securityfocus.com/bid/4994
• MISChttp://archives.neohapsis.com/archives/bugtraq/2002-06/0091.html