CVE-2003-0277

Name of the Vulnerable Software and Affected Versions: Happymall versions 4.3 through 4.4

Description: A directory traversal issue exists, allowing remote attackers to read arbitrary files. This is achieved by using .. (dot dot) sequences in the file parameter.

Recommendations: For versions 4.3 and 4.4, restrict access to the normal html.cgi script until a fix is available. As a temporary workaround, consider validating and sanitizing the file parameter to prevent directory traversal attacks.