CVE-2001-0561

Name of the Vulnerable Software and Affected Versions: A1Stats versions prior to 1.6

Description: The issue allows a remote attacker to read arbitrary files via a '..' (dot dot) attack in the following API endpoints: "a1disp2.cgi", "a1disp3.cgi", or "a1disp4.cgi". This is a directory traversal vulnerability.

Recommendations: For versions prior to 1.6, update to version 1.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected API endpoints "a1disp2.cgi", "a1disp3.cgi", and "a1disp4.cgi" until a patch is available.