CVE-2002-0196

critical

Description

GetRelativePath in ACD Incorporated CwpAPI 1.1 only verifies if the server root is somewhere within the path, which could allow remote attackers to read or write files outside of the web root, in other directories whose path includes the web root.

References

http://www.securityfocus.com/bid/3924

http://www.iss.net/security_center/static/7981.php

http://sourceforge.net/forum/forum.php?forum_id=144966

http://online.securityfocus.com/archive/1/251699

Details

Source: Mitre, NVD

Published: 2002-05-16

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical

EPSS

EPSS: 0.00497

Detections

Analytics