e107 Website System Request.PHP Directory Traversal Vulnerability
BID:13573
Info
e107 Website System Request.PHP Directory Traversal Vulnerability
| Bugtraq ID: | 13573 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 10 2005 12:00AM |
| Updated: | May 10 2005 12:00AM |
| Credit: | Discovered by Heintz. |
| Vulnerable: |
e107 e107 website system 0.617 |
| Not Vulnerable: | |
Discussion
e107 Website System Request.PHP Directory Traversal Vulnerability
e107 Website System is prone to a directory traversal vulnerability. This issue could be exploited to obtain the contents of arbitrary files on the vulnerable computer.
e107 Website System is prone to a directory traversal vulnerability. This issue could be exploited to obtain the contents of arbitrary files on the vulnerable computer.
Exploit / POC
e107 Website System Request.PHP Directory Traversal Vulnerability
An exploit is not required. The following example was provided:
http://www.example.com/request.php?../../e107_config.php
An exploit is not required. The following example was provided:
http://www.example.com/request.php?../../e107_config.php
Solution / Fix
e107 Website System Request.PHP Directory Traversal Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
e107 Website System Request.PHP Directory Traversal Vulnerability
References:
References:
- [core] multiple security vulnearabilities in e107 (e107.org)
- e107 website system Homepage (e107.org)