faqmanager.cgi in FAQManager 2.2.5 and earlier allows remote attackers to read arbitrary files by specifying the filename in the toc parameter with a trailing null character (%00).
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| faqmanager | faqmanager.cgi | 2.1 |
| faqmanager | faqmanager.cgi | 2.2 |
| faqmanager | faqmanager.cgi | 2.2.5 |
| faqmanager | faqmanager.cgi | 2.1.1 |
| faqmanager | faqmanager.cgi | 2.2.3 |
| faqmanager | faqmanager.cgi | 2.2.4 |
| faqmanager | faqmanager.cgi | 2.0 |
| faqmanager | faqmanager.cgi | 2.2.1 |
| faqmanager | faqmanager.cgi | 2.2.2 |
| faqmanager | faqmanager.cgi | 2.1.2 |