Directory traversal vulnerability in user.cgi in SurgeLDAP 1.0g and earlier allows remote attackers to read arbitrary files via a .. in the page parameter of the show command.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Surgeldap | Netwin | 1.0d (including) | 1.0d (including) |
Surgeldap | Netwin | 1.0e (including) | 1.0e (including) |
Surgeldap | Netwin | 1.0g (including) | 1.0g (including) |