The f2html.pl script does not sufficiently validate filenames before passing them into SQL queries. If f2html.pl is used to search a directory that may be accessible to untrusted local users, a maliciously crafted filename may allow a SQL injection attack.
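The flaw class described above, as an added example that is not f2html.pl's own code: a Python/sqlite3 sketch in which a directory indexer builds its INSERT by string concatenation, next to a version that binds the filename as a parameter. The `files` table, the function names and the sample filenames are assumptions constructed for illustration.

```python
import os
import sqlite3
import tempfile

def index_unsafe(db, directory):
    """Builds the statement by concatenation: the filename becomes SQL text."""
    for name in sorted(os.listdir(directory)):
        db.execute("INSERT INTO files (name) VALUES ('" + name + "')")

def index_safe(db, directory):
    """Binds the filename as a parameter: it is always stored as data."""
    for name in sorted(os.listdir(directory)):
        db.execute("INSERT INTO files (name) VALUES (?)", (name,))

def demo():
    """Runs both indexers over the same directory and reports what each stored."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        # Constructed sample names; the second contains a single quote,
        # which is a legal filename character on common filesystems.
        for name in ("report.txt", "o'brien.txt"):
            open(os.path.join(d, name), "w").close()
        for label, indexer in (("unsafe", index_unsafe), ("safe", index_safe)):
            db = sqlite3.connect(":memory:")
            db.execute("CREATE TABLE files (name TEXT)")
            try:
                indexer(db, d)
                rows = db.execute("SELECT name FROM files ORDER BY name")
                results[label] = [r[0] for r in rows]
            except sqlite3.Error as exc:
                # The quote in the filename ended the string literal early,
                # so the rest of the name was parsed as SQL syntax.
                results[label] = "error: " + type(exc).__name__
            db.close()
    return results

if __name__ == "__main__":
    for label, outcome in demo().items():
        print(label, "->", outcome)
```

A harmless quote is enough to show that the filename changes the statement's structure in the concatenating version, which is the condition that makes injection possible; the bound version stores both names unchanged.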