CVE-2001-1115

Name of the Vulnerable Software and Affected Versions SIX-webboard versions 2.01 and earlier

Description The issue allows remote attackers to read arbitrary files. This is achieved by using a dot dot (..) in the content parameter of the "generate.cgi" endpoint.

Recommendations For SIX-webboard versions 2.01 and earlier, consider restricting access to the generate.cgi endpoint until a patch is available. As a temporary workaround, avoid using the content parameter in the generate.cgi endpoint to minimize the risk of exploitation.