CVE-2005-1957 Information

Description

mtnpeak.net File Upload Manager does not properly check user authentication for certain actions which allows remote attackers to provide a modified base64-encoded file parameter and (1) read arbitrary files via the \view\ action or (2) delete arbitrary files via the del action.

Reference

http://archives.neohapsis.com/archives/bugtraq/2005-06/0116.html http://marc.info/?l=bugtraq&m=111868578006615&w=2 http://www.osvdb.org/17435 http://www.osvdb.org/20258