A vulnerability has been reported in mrtg.cgi that could allow a malicious user to view the full path to the web root. MRTG Configuration Generator is a configuration file generator for devices being monitored on a network.

If a user submits a HTTP request to a host containing unusual characters, the server will return an error page containing the path to the web root.

Vulnerable: MRTG Configuration Generator MRTGconfig 0.5.9

No exploit code is required.