The allmanageup.pl file upload CGI script in the Allmanage Website administration software 2.6 can be called directly by remote attackers, which allows them to modify user accounts or web pages.Referenceshttp://archives.neohapsis.com/archives/bugtraq/2000-05/0167.htmlhttp://www.securityfocus.com/bid/1217http://www.osvdb.org/1337
