First published: Thu Dec 14 2006(Updated: )
The CControl::Download function (/dl URI) in Winamp Web Interface (Wawi) 7.5.13 and earlier allows remote authenticated users to download arbitrary file types under the root via a trailing "." (dot) in a filename in the file parameter, related to erroneous behavior of the IsWinampFile function.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Flippet.org Winamp Web Interface | =7.5.9 | |
Flippet.org Winamp Web Interface | =7.5.11 | |
Flippet.org Winamp Web Interface | <=7.5.13 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.