CVE-2002-2033 | Vulnerability Database | Aqua Security

faqmanager.cgi in FAQManager 2.2.5 and earlier allows remote attackers to read arbitrary files by specifying the filename in the toc parameter with a trailing null character (%00).

Affected Software

Name	Vendor	Start Version	End Version
Faqmanager.cgi	Faqmanager	2.0 (including)	2.0 (including)
Faqmanager.cgi	Faqmanager	2.1 (including)	2.1 (including)
Faqmanager.cgi	Faqmanager	2.1.1 (including)	2.1.1 (including)
Faqmanager.cgi	Faqmanager	2.1.2 (including)	2.1.2 (including)
Faqmanager.cgi	Faqmanager	2.2 (including)	2.2 (including)
Faqmanager.cgi	Faqmanager	2.2.1 (including)	2.2.1 (including)
Faqmanager.cgi	Faqmanager	2.2.2 (including)	2.2.2 (including)
Faqmanager.cgi	Faqmanager	2.2.3 (including)	2.2.3 (including)
Faqmanager.cgi	Faqmanager	2.2.4 (including)	2.2.4 (including)
Faqmanager.cgi	Faqmanager	2.2.5 (including)	2.2.5 (including)

References

http://archives.neohapsis.com/archives/bugtraq/2002-01/0065.html
http://www.iss.net/security_center/static/7833.php
http://www.securityfocus.com/bid/3810
http://archives.neohapsis.com/archives/bugtraq/2002-01/0065.html
http://www.iss.net/security_center/static/7833.php
http://www.securityfocus.com/bid/3810

NVD	https://nvd.nist.gov/vuln/detail/CVE-2002-2033
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html