|
|
Info |
Last Modified |
| about 1 year ago |
|
|
|
|
Keywords |
Directory Traversal
|
|
Description |
EasyWeb FileManager contains a flaw that allows a remote attacker to access arbitrary files or directory listings outside of the web path. The issue is due to the module not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the "pathext" variable. These activities require a valid administrator login, diminishing the severity of the attack.
|
|
Classification |
Location:
Remote/Network Access Required
Attack Type:
Input Manipulation
Impact:
Loss of Confidentiality
Exploit:
Exploit Available
Disclosure:
OSVDB Verified
OSVDB:
Web Related
|
|
Solution |
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
|
|
Products |
|
FileManager
 |
1.0 RC-1 |
|
|
|
|
Tools & Filters |
|
Nikto
|
1362
1363
|
|
|
|
Credit |
- Sullo - sullo
cirt.net - cirt.net
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|