CGIHTML Insecure Form-Data Temporary File Vulnerability

CGIHTML Insecure Form-Data Temporary File Vulnerability

When handling uploaded form-data, cgihtml creates a temporary file to store this data in /tmp or another user-specified directory. A client supplied filename is used when the temporary file is created.

A local attacker may take advantage of this condition to create a symbolic link in place of the temporary file, which points to another file on the system which is writeable by a server process which utilizes the vulnerable routines. The attacker may then submit a malicious form-data upload, using the attacker-supplied filename, and cause local files to be corrupted.