CVE-2009-1526 (directadmin)

JBMC Software DirectAdmin before 1.334 allows local users to create or overwrite any file via a symlink attack on an arbitrary file in a certain temporary directory, related to a request for this temporary file in the PATH_INFO to the CMD_DB script during a backup action.

URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1526