WARNING! Fake news / Disputed / BOGUS

Directory traversal in phpXplorer

2006.01.18
Credit: Oriol Torrent (oriol torrent gmail com)
Risk: Medium
Local: No
Remote: Yes
CVE: CVE-2006-0244
CWE: CWE-Other


CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

========================================================== Title: Directory traversal in phpXplorer Application: phpXplorer Vendor: http://www.phpxplorer.org Vulnerable Versions: 0.9.33 Bug: directory traversal Date: 16-January-2006 Author: Oriol Torrent Santiago < oriol.torrent.AT.gmail.com > References: http://www.arrelnet.com/advisories/adv20060116.html ========================================================== 1) Background ----------- phpXplorer is an open source file management system written in PHP. It enables you to work on a remote file system through a web browser. 2) Problem description -------------------- An attacker can read arbitrary files outside the web root by sending specially formed requests Ex: http://host/phpXplorer/system/workspaces.php?sShare=../../../../../../.. /../etc/passwd%00&ref=1 3) Solution: ---------- No Patch available. 4) Timeline --------- 17/12/2005 Bug discovered 20/12/2005 Vendor receives detailed advisory. No response 04/01/2006 Second notification. No response 16/01/2006 Public Disclosure


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top