CVE-2001-1138

Name of the Vulnerable Software and Affected Versions Power Up HTML version 0.8033beta

Description The issue allows remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the FILE parameter of the r.pl (aka r.cgi) script.

Recommendations For Power Up HTML version 0.8033beta, consider restricting access to the r.pl script until a patch is available, and avoid using the FILE parameter with untrusted input to minimize the risk of exploitation.