Directory traversal vulnerability in AspUpload 2.1, in... · CVE-2001-0938 · GitHub Advisory Database · GitHub

Directory traversal vulnerability in AspUpload 2.1, in...

Moderate severity Unreviewed Published Apr 30, 2022 to the GitHub Advisory Database • Updated Jan 30, 2023

Package

No package listed— Suggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

Directory traversal vulnerability in AspUpload 2.1, in certain configurations, allows remote attackers to upload and read arbitrary files, and list arbitrary directories, via a .. (dot dot) in the Filename parameter in (1) UploadScript11.asp or (2) DirectoryListing.asp.

References

Published by the National Vulnerability Database

Nov 30, 2001

Published to the GitHub Advisory Database Apr 30, 2022

Last updated Jan 30, 2023