Cgi Script Center » Auction Weaver : Security Vulnerabilities, CVEs,
Auction Weaver 1.0 through 1.04 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the username or bidfile form fields.
Max CVSS
5.0
EPSS Score
0.54%
Published
2000-12-19
Updated
2018-05-03
Auction Weaver 1.0 through 1.04 does not properly validate the names of form fields, which allows remote attackers to delete arbitrary files and directories via a .. (dot dot) attack.
Max CVSS
7.5
EPSS Score
1.22%
Published
2000-12-19
Updated
2018-05-03
Auction Weaver CGI script 1.02 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the fromfile parameter.
Max CVSS
10.0
EPSS Score
3.68%
Published
2000-10-20
Updated
2008-09-10
Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack in the catdir parameter.
Max CVSS
10.0
EPSS Score
0.58%
Published
2000-10-20
Updated
2008-09-05
Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack in the fromfile parameter.
Max CVSS
5.0
EPSS Score
0.58%
Published
2000-10-20
Updated
2008-09-05
5 vulnerabilities found