Vulnerabilities > CVE-2002-2033 - Unspecified vulnerability in Faqmanager Faqmanager.Cgi

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

faqmanager

nessus

NVD

Published: 2002-12-31

Updated: 2008-09-05

Summary

faqmanager.cgi in FAQManager 2.2.5 and earlier allows remote attackers to read arbitrary files by specifying the filename in the toc parameter with a trailing null character (%00).

Vulnerable Configurations

Part	Description	Count
Application	Faqmanager Faqmanager Faqmanager.Cgi 2.0 Faqmanager Faqmanager.Cgi 2.1 Faqmanager Faqmanager.Cgi 2.1.1 Faqmanager Faqmanager.Cgi 2.1.2 Faqmanager Faqmanager.Cgi 2.2 Faqmanager Faqmanager.Cgi 2.2.1 Faqmanager Faqmanager.Cgi 2.2.2 Faqmanager Faqmanager.Cgi 2.2.3 Faqmanager Faqmanager.Cgi 2.2.4 Faqmanager Faqmanager.Cgi 2.2.5	10

Nessus

NASL family	CGI abuses
NASL id	FAQMANAGER.NASL
description	FAQManager is a Perl-based CGI for maintaining a list of Frequently Asked Questions. Using a specially crafted URL, a remote attacker can use this CGI to view arbitrary files on the web server. For example: http://www.example.com/cgi-bin/faqmanager.cgi?toc=/etc/passwd%00
last seen	2020-06-01
modified	2020-06-02
plugin id	10837
published	2002-01-25
reporter	This script is Copyright (C) 2002-2018 Matt Moore
source	https://www.tenable.com/plugins/nessus/10837
title	FAQManager 'faqmanager.cgi' 'toc' Parameter Arbitrary File Access

Summary

Vulnerable Configurations

Nessus

References