PT-2002-2353 · Mike · Mike'S Vote Cgi

Published

2002-12-31

Updated

2017-07-11

CVE-2002-1628

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Mike's Vote CGI versions prior to 1.3

Description The issue allows remote attackers to write arbitrary files due to a directory traversal vulnerability in the vote.cgi script. This is achieved by using .. (dot dot) sequences in the type parameter.

Recommendations For versions prior to 1.3, update to version 1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the vote.cgi script until the update is applied. Avoid using the type parameter with .. (dot dot) sequences in the affected API endpoint until the issue is resolved.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2002-1628

Affected Products

Mike'S Vote Cgi

PT-2002-2353 · Mike · Mike'S Vote Cgi

CVE-2002-1628

Related Identifiers

Affected Products

References · 4