*Note: Email address will appear as "user domain ext" to prevent harvesting.
[CVE-2018-14429] man-cgi < 1.16 Local File Include
Aug 08 2018 07:58AM
eL_Bart0 (eL_Bart0 protonmail ch)
man-cgi before 1.16 allows Local File Inclusion via absolute path traversal. If an attacker provides a filename as a parameter (e.g. https://example.org/cgi-bin/man-cgi?/etc/passwd), the script will read and return the local file. This happens because of the way the script calls the "man" comm...
Copyright 2010, SecurityFocus