CVE-2017-9833

2017-06-24T02:29:00
ID CVE-2017-9833
Type cve
Reporter cve@mitre.org
Modified 2019-04-18T17:29:00

Description

/cgi-bin/wapopen in BOA Webserver 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable (sent by GET) to read files with root privileges.