A vulnerability has been reported in mrtg.cgi that could allow a malicious user to view the full path to the web root. MRTG Configuration Generator is a configuration file generator for devices being monitored on a network.
If a user submits a HTTP request to a host containing unusual characters, the server will return an error page containing the path to the web root.
Vulnerable: MRTG Configuration Generator MRTGconfig 0.5.9
No exploit code is required.