Directory traversal vulnerability in cafenews.php for CARE 2002 before beta 1.0.02 allows remote attackers to read arbitrary files via .. (dot dot) sequences and null characters in the lang parameter, which is processed by a call to the include function.
References
Link | Resource |
---|---|
http://archives.neohapsis.com/archives/bugtraq/2002-07/0128.html | |
http://www.care2x.com/modul.php?thispage=headlines&m_titel=NEWS&m_item=Headlines&lang=en | URL Repurposed |
http://www.iss.net/security_center/static/9552.php | Patch Vendor Advisory |
http://www.securityfocus.com/bid/5218 | Exploit Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2002-08-31T04:00:00
Updated: 2002-09-10T09:00:00
Reserved: 2002-08-27T00:00:00
Link: CVE-2002-0998
JSON object: View
NVD Information
Status : Analyzed
Published: 2002-10-04T04:00:00.000
Modified: 2024-02-14T01:17:43.863
Link: CVE-2002-0998
JSON object: View
Redhat Information
No data.
CWE