CVE-2001-0842

Name of the Vulnerable Software and Affected Versions Leoboard LB5000 and LB5000II versions 1029 and earlier

Description A directory traversal issue exists in the Search.cgi component, allowing remote attackers to overwrite files and gain privileges. This is achieved by using .. (dot dot) sequences in the amembernamecookie cookie.

Recommendations For versions 1029 and earlier, consider restricting access to the Search.cgi component until a fix is available. As a temporary workaround, avoid using the amembernamecookie cookie in the Search.cgi endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.