CVE-2002-0922

Name of the Vulnerable Software and Affected Versions: csNews.cgi (affected versions not specified)

Description: The issue allows remote attackers to obtain database files by sending a direct URL-encoded request to specific endpoints, such as "/default%2edb" or "/default%2edb.style". Additionally, remote authenticated users can perform administrative actions by setting a database parameter to "default%2edb".

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.