Ilia Alshanetsky FUDForum 1.2.8/1.9.8/2.0.2 - File Modification

Author: Ulf Harnhammar
type: webapps
platform: php
port: 
date_added: 2002-08-19  
date_updated: 2012-10-04  
verified: 1  
codes: CVE-2002-1422;OSVDB-11376  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 21724.txt  

source: https://www.securityfocus.com/bid/5502/info

Reportedly, it is possible for an administrator to manipulate (create, modify etc.) files outside of the FUDForum directories. This vulnerability is present in the 'adm/admbrowse.php' script. The vulnerability is the result of FUDForum allowing access to files and directories outside of FUDForum directories.

http://victim.com/admbrowse.php?down=1&cur=%2Fetc%2F&dest=passwd&rid=1&S=[someid]