Overview
Mike Spice's Vote does not adequately validate user input, allowing directory traversal. As a result, an attacker can cause Vote to overwrite any file on the server to which the web server process has write privileges.
Description
Mike Spice's Vote is a CGI script written in Perl and designed to add polling capabilities to web sites. The CGI variable 'type' is passed by Vote to Perl's open() function, without adequate validation to filter '../' sequences and null bytes. As a result, an attacker can cause Vote to traverse directories and overwrite any file on the server to which the web server process has write privileges. |
Impact
Remote attackers can overwrite files on the server. |
Solution
Upgrade Upgrade to version 1.3 or later of Vote: |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
Thanks to Mike Spice for reporting this vulnerability.
This document was written by Shawn Van Ittersum.
Other Information
| CVE IDs: | None |
| Severity Metric: | 3.42 |
| Date Public: | 2002-01-09 |
| Date First Published: | 2002-09-18 |
| Date Last Updated: | 2002-09-18 14:10 UTC |
| Document Revision: | 4 |