When handling uploaded form-data, cgihtml creates a temporary file to store this data in /tmp or another user-specified directory. The software uses the client-supplied filename when creating the temporary file. If the client supplies a malicious filename (such as one containing directory traversal sequences), the client may be able to overwrite local files on the system hosting the vulnerable software.
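The general mitigation for this class of flaw, as an added example that is not cgihtml's own code or its fix: reduce the client-supplied filename to a leaf name before building the temporary path, and create the file so that an existing name is never overwritten. The names `safe_leaf_name` and `open_upload_tmp` and the sample filename are hypothetical.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Reduce a client-supplied filename to a leaf name; -1 if nothing safe remains. */
int safe_leaf_name(const char *client_name, char *out, size_t outlen)
{
    const char *leaf = client_name, *p;
    size_t i, n;
    /* Keep only what follows the last slash or backslash separator. */
    for (p = client_name; *p; p++)
        if (*p == '/' || *p == '\\')
            leaf = p + 1;
    n = strlen(leaf);
    if (n == 0 || n >= outlen || !strcmp(leaf, ".") || !strcmp(leaf, ".."))
        return -1;
    /* Allow-list: anything outside [A-Za-z0-9._-] becomes '_'. */
    for (i = 0; i < n; i++) {
        char c = leaf[i];
        int ok = (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
                 (c >= '0' && c <= '9') || c == '.' || c == '_' || c == '-';
        out[i] = ok ? c : '_';
    }
    out[n] = '\0';
    return 0;
}

/* Create the upload file inside dir; returns an fd, or -1 on a bad name or collision. */
int open_upload_tmp(const char *dir, const char *name, char *path, size_t len)
{
    char leaf[128];
    int n;
    if (safe_leaf_name(name, leaf, sizeof leaf) != 0)
        return -1;
    n = snprintf(path, len, "%s/%s", dir, leaf);
    if (n < 0 || (size_t)n >= len)
        return -1;
    /* O_EXCL: fail if the name exists (file or symlink) rather than overwrite. */
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

int main(void)
{
    char path[256];
    /* Constructed sample filename containing traversal sequences. */
    int fd = open_upload_tmp("/tmp", "../../etc/demo-upload.txt", path, sizeof path);
    if (fd >= 0) { printf("created %s\n", path); close(fd); unlink(path); }
    return 0;
}
```
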