[原文]Multiple directory traversal vulnerabilities in siteman.php3 in AnyPortal(php) 12 MAY 00 allow remote attackers to (1) create, (2) delete, (3) save, and (4) upload files by navigating to the root directory and entering a filename beginning with "./.." (dot slash dot dot).
AnyPortal(php) siteman.php3 F Variable Traversal Arbitrary File Manipulation
Remote / Network Access
Loss of Integrity
AnyPortal contains a flaw that allows a remote attacker to create or delete arbitrary files outside of the web path. The issue is due to the siteman.php3 script not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied via the 'F' variable.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.