Whois.Cart language Variable Traversal Arbitrary File Access

Network Security News – Saturday, June 25, 2005 Events

Whois.Cart language Variable Traversal Arbitrary File Access

Whois.Cart contains a flaw that allows a remote attacker to access system files outside of the web path. The issue is due to the program not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the language variable.. Read more at osvdb.org/17460