paul Posted July 19, 2006 Report Share Posted July 19, 2006 Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files. NOTE: This is a different issue than CVE-2006-3274. Updated packages have been patched to correct this issue. Link to comment Share on other sites More sharing options...
Recommended Posts