|
CGIHTML Form Data File Corruption Vulnerability
When handling uploaded form-data, cgihtml creates a temporary file to store this data in /tmp or another user-specified directory. The software uses the client supplied filename when creating the temporary file. If the client supplies a malicious filename (such as one containing directory traversal sequences), it may be able to overwrite local files on the system hosting the vulnerable software. |
|
|
Privacy Statement |
