Public CVE-2015-1001 disclosure

IniNet embeddedWebServer (aka eWebServer) before 2.02 mishandles URL encoding, which allows remote attackers to write to or delete files via a crafted string.