CVE-2001-0938

Name of the Vulnerable Software and Affected Versions AspUpload version 2.1

Description A directory traversal issue allows remote attackers to upload and read arbitrary files, and list arbitrary directories, by using a .. (dot dot) in the Filename parameter in certain scripts, such as "UploadScript11.asp" or "DirectoryListing.asp".

Recommendations For AspUpload version 2.1, consider restricting access to the UploadScript11.asp and DirectoryListing.asp scripts until a fix is available, and avoid using the Filename parameter with unvalidated input to minimize the risk of exploitation.