CVE-2002-1628

Name of the Vulnerable Software and Affected Versions Mike's Vote CGI versions prior to 1.3

Description The issue allows remote attackers to write arbitrary files due to a directory traversal vulnerability in the vote.cgi script. This is achieved by using .. (dot dot) sequences in the type parameter.

Recommendations For versions prior to 1.3, update to version 1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the vote.cgi script until the update is applied. Avoid using the type parameter with .. (dot dot) sequences in the affected API endpoint until the issue is resolved.