Code: p95

Severity: Notice


Description: A vulnerability exists in Miva Corporation's "htmlscript" CGI program that allows remote users to read files on the server. Any file that the user running the server (usually "nobody") can read can be accessed from this CGI-BIN script. Htmlscript CGI allows remote file reading

Impact: Versions previous to 2.9932 contain this vunerability.

Corrective: Disable htmlscript on your server and contact Miva for an upgrade.