Arbitrary File Access and Modification via Symlink in BSCW Groupware System

Arbitrary File Access and Modification via Symlink in BSCW Groupware System

CVE-2001-0973 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:P/A:N

BSCW groupware system 3.3 through 4.0.2 beta allows remote attackers to read or modify arbitrary files by uploading and extracting a tar file with a symlink into the data-bag space.

Learn more about our Web Application Penetration Testing UK.