FAQManager.CGI NULL Character Arbitrary File Disclosure Vulnerability

FAQManager.cgi is a Perl script for maintaining a FAQ (Frequently Asked Questions) via a web interface. It will run on most Unix/Linux and Microsoft Windows platforms.

FAQManager does not properly filter certain types of input from incoming web requests. It is possible to append a NULL character (%00) to the end of a web request and display the contents of an arbitrary web-readable file.
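
A hardened version of the kind of lookup this advisory concerns, as an added example (not FAQManager's code, which the page does not show). It assumes a hypothetical script that maps a request parameter to `<name>.html` inside one directory on a Unix host; `resolve_faq_page`, the directory layout and the sample request values are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Cwd qw(abs_path);
use File::Spec;
use File::Temp qw(tempdir);

# Return the absolute path of a FAQ page, or undef if the request is refused.
# $name is the already URL-decoded parameter value, so "%00" arrives as "\0".
sub resolve_faq_page {
    my ($name, $base) = @_;
    return undef unless defined $name && length $name;

    # Perl strings may contain NUL, but the OS file APIs stop at the first
    # NUL, which would cut off the ".html" suffix appended below.
    return undef if $name =~ /\0/;

    # Allowlist instead of blocklist: no dots, slashes or control bytes.
    return undef unless $name =~ /\A[A-Za-z0-9_-]{1,64}\z/;

    my $real_base = abs_path($base);
    return undef unless defined $real_base;
    my $path = File::Spec->catfile($real_base, "$name.html");
    return undef unless -f $path;

    # Resolve symlinks and confirm the result is still inside the base.
    my $real = abs_path($path);
    return undef unless defined $real && index($real, "$real_base/") == 0;
    return $real;
}

# Constructed demo data: a temporary FAQ directory with one page.
my $dir = tempdir(CLEANUP => 1);
open(my $fh, '>', File::Spec->catfile($dir, 'intro.html')) or die "open: $!";
print {$fh} "<p>constructed sample page</p>\n";
close($fh);

# Constructed request values, as they look after URL decoding.
for my $req ('intro', "intro\0", "../notes.txt\0", 'intro.html', '') {
    (my $shown = $req) =~ s/\0/\\0/g;
    my $result = resolve_faq_page($req, $dir);
    printf "%-16s => %s\n", "'$shown'", defined $result ? 'served' : 'refused';
}
```

Only the plain `intro` request is served; the NUL check and the allowlist each refuse the NUL-terminated values on their own, so either one remains effective if the other is later loosened.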


 

Copyright 2010, SecurityFocus