6.8 Medium
AI Score
Confidence
Low
0.012 Low
EPSS
Percentile
85.4%
Auction Weaver 1.0 through 1.04 does not properly validate the names of form fields, which allows remote attackers to delete arbitrary files and directories via a … (dot dot) attack.
www.osvdb.org/1600
www.securityfocus.com/bid/1782
exchange.xforce.ibmcloud.com/vulnerabilities/5371