CVE-2002-2033 - Unspecified vulnerability in Faqmanager Faqmanager.Cgi
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | NONE |
Availability impact | NONE |
Summary
faqmanager.cgi in FAQManager 2.2.5 and earlier allows remote attackers to read arbitrary files by specifying the filename in the toc parameter with a trailing null character (%00).
Vulnerable Configurations
Nessus
NASL family | CGI abuses |
NASL id | FAQMANAGER.NASL |
description | FAQManager is a Perl-based CGI for maintaining a list of Frequently Asked Questions. Using a specially crafted URL, a remote attacker can use this CGI to view arbitrary files on the web server. For example: http://www.example.com/cgi-bin/faqmanager.cgi?toc=/etc/passwd%00 |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 10837 |
published | 2002-01-25 |
reporter | This script is Copyright (C) 2002-2018 Matt Moore |
source | https://www.tenable.com/plugins/nessus/10837 |
title | FAQManager 'faqmanager.cgi' 'toc' Parameter Arbitrary File Access |