CVE-2002-0923 Information

Description

CGIScript.net csNews.cgi allows remote authenticated users to read arbitrary files and possibly gain privileges via the (1) pheader or (2) pfooter parameters in the \Advanced Settings\ capability.

Reference

http://archives.neohapsis.com/archives/bugtraq/2002-06/0091.html http://www.iss.net/security_center/static/9333.php http://www.securityfocus.com/bid/4994