Usermin before 1.220 (20060629) allows remote attackers to read arbitrary files, possibly related to chfn/save.cgi not properly handling an empty shell parameter, which results in changing roots shell instead of the shell of a specified user.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Usermin | Usermin | * | 1.210 (including) |
| Usermin | Usermin | 0.4 (including) | 0.4 (including) |
| Usermin | Usermin | 0.5 (including) | 0.5 (including) |
| Usermin | Usermin | 0.6 (including) | 0.6 (including) |
| Usermin | Usermin | 0.7 (including) | 0.7 (including) |
| Usermin | Usermin | 0.8 (including) | 0.8 (including) |
| Usermin | Usermin | 0.9 (including) | 0.9 (including) |
| Usermin | Usermin | 0.91 (including) | 0.91 (including) |
| Usermin | Usermin | 0.92 (including) | 0.92 (including) |
| Usermin | Usermin | 0.93 (including) | 0.93 (including) |
| Usermin | Usermin | 0.94 (including) | 0.94 (including) |
| Usermin | Usermin | 0.95 (including) | 0.95 (including) |
| Usermin | Usermin | 0.96 (including) | 0.96 (including) |
| Usermin | Usermin | 0.97 (including) | 0.97 (including) |
| Usermin | Usermin | 0.98 (including) | 0.98 (including) |
| Usermin | Usermin | 0.99 (including) | 0.99 (including) |
| Usermin | Usermin | 1.000 (including) | 1.000 (including) |
| Usermin | Usermin | 1.010 (including) | 1.010 (including) |
| Usermin | Usermin | 1.020 (including) | 1.020 (including) |
| Usermin | Usermin | 1.030 (including) | 1.030 (including) |
| Usermin | Usermin | 1.040 (including) | 1.040 (including) |
| Usermin | Usermin | 1.051 (including) | 1.051 (including) |
| Usermin | Usermin | 1.060 (including) | 1.060 (including) |
| Usermin | Usermin | 1.070 (including) | 1.070 (including) |
| Usermin | Usermin | 1.080 (including) | 1.080 (including) |
| Usermin | Usermin | 1.090 (including) | 1.090 (including) |
| Usermin | Usermin | 1.100 (including) | 1.100 (including) |
| Usermin | Usermin | 1.110 (including) | 1.110 (including) |
| Usermin | Usermin | 1.120 (including) | 1.120 (including) |
| Usermin | Usermin | 1.130 (including) | 1.130 (including) |
| Usermin | Usermin | 1.140 (including) | 1.140 (including) |
| Usermin | Usermin | 1.150 (including) | 1.150 (including) |