[原文]Directory traversal vulnerability in Avi Alkalay contribute.cgi (aka contribute.pl), dated 16 Jun 2002, allows remote attackers to overwrite arbitrary files via ".." sequences in the contribdir variable.
Avi Alkalay contribute.cgi/contribute.pl contribdir Variable Arbitrary File Overwrite
Remote / Network Access
Loss of Confidentiality
Celular contribute.cgi or contribute.pl scripts contains a flaw that allows a remote attacker to overwrite arbitrary files. The issue is due to the contribute.pl or contribute.cgi script not properly sanitizing user input, specifically values supplied via the contribdir variable.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.