CVE-2002-0196 — MEDIUM severity vulnerability (GetRelativePath in ACD Incorporated CwpAPI 1.1 only verifies)
GetRelativePath in ACD Incorporated CwpAPI 1.1 only verifies if the server root is somewhere within the path, which could allow remote attackers to read or write files outside of the web root, in other directories whose path includes the web root.
| CVE ID | CVE-2002-0196 |
|---|---|
| Severity | MEDIUM |
| CVSS score | 6.4 |
| CVSS vector | AV:N/AC:L/Au:N/C:P/I:P/A:N |
| CWE | NVD-CWE-Other |
| Status | Modified |
| Published | 2002-05-16 |
| Last modified | 2026-04-16 |
| Description | GetRelativePath in ACD Incorporated CwpAPI 1.1 only verifies if the server root is somewhere within the path, which could allow remote attackers to read or write files outside of the web root, in other directories whose path includes the web root. |
| Source | NIST National Vulnerability Database |
🔍 Search all vulnerabilities →
$999/mo
Try CVECheck →