WWWeBBB Forum page.cgi URI Traversal Arbitrary File Access
Remote / Network Access
Loss of Confidentiality
WWWeBBB contains a flaw that allows a remote user to traverse outside of a restricted path. The issue is due to page.cgi not properly sanitizing user input, specifically directory-traversal sequences (e.g., ../../) supplied via the URI. This would allow an attacker to view files outside of the web root directory.
Currently, there are no known upgrades, patches or workarounds available to correct this vulnerability.
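With no fix available, reviewing web server logs for traversal sequences in requests to page.cgi is one way to spot attempts. The following is an added example, not code from WWWeBBB or from this advisory; the /cgi-bin/ location, the log format and the request layouts in the sample lines are constructed assumptions, since the advisory does not give the exact request form.

```python
import re
from urllib.parse import unquote

# Request field of a common/combined access log: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so multiply-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(target):
    """True if a request target naming page.cgi contains a bare '..' segment."""
    decoded = fully_decode(target).replace("\\", "/")
    if "page.cgi" not in decoded:
        return False
    # Split on path and query delimiters; 'version..2' is not a '..' segment.
    return ".." in re.split(r"[/?&=;]", decoded)

def flag_lines(log_lines):
    """Return the log lines whose request target trips has_traversal()."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if match and has_traversal(match.group(1)):
            hits.append(line)
    return hits

# Constructed sample lines (documentation addresses, hypothetical paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2005:10:00:00 +0000] "GET /cgi-bin/page.cgi?forum=general HTTP/1.0" 200 512',
    '192.0.2.11 - - [01/Jan/2005:10:00:05 +0000] "GET /cgi-bin/page.cgi?../../outside.txt HTTP/1.0" 200 1024',
    '192.0.2.12 - - [01/Jan/2005:10:00:09 +0000] "GET /cgi-bin/page.cgi?%2e%2e%2f%2e%2e%2foutside.txt HTTP/1.0" 200 1024',
    '192.0.2.13 - - [01/Jan/2005:10:00:12 +0000] "GET /cgi-bin/page.cgi?topic=version..2 HTTP/1.0" 200 300',
]

if __name__ == "__main__":
    for hit in flag_lines(SAMPLE_LOG):
        print(hit)
```

A hit with a 200 status and an unusual response size is worth checking against the files readable by the web server account.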