Cahier De Texte Telecharger.PHP Directory Traversal Vulnerability
BID:21283
Info
| Bugtraq ID: | 21283 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 24 2006 12:00AM |
| Updated: | Nov 28 2006 06:25PM |
| Credit: | DarkFig is credited with the discovery of this vulnerability. |
| Vulnerable: | Cahier de textes Cahier de texte 2.0 |
| Not Vulnerable: | |
Discussion
Cahier de texte is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid in further attacks.
Exploit / POC
Attackers may exploit this vulnerability via a web client.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please email us at: [email protected].
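In the absence of a vendor patch, a download script can confine requests to its own file directory by canonicalizing the requested path before opening it. The following is an added example, not code from Cahier de texte or from this advisory; the base directory, the `file` parameter name and the `resolve_download` function are hypothetical.

```php
<?php
// Added example: a download handler confined to one directory.
// BASE_DIR and the "file" request parameter are hypothetical names.
const BASE_DIR = '/var/www/cahier/fichiers';

/**
 * Resolve a user-supplied name to a real path inside $baseDir.
 * Returns null if the name escapes the directory or is not a regular file.
 */
function resolve_download(string $baseDir, string $requested): ?string
{
    // Reject empty names and NUL bytes before touching the filesystem.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks; it returns false
    // when the target does not exist.
    $real = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($real === false || !is_file($real)) {
        return null;
    }
    // Compare against the base with a trailing separator so that a sibling
    // such as "/data/files-old" is not accepted as inside "/data/files".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $real;
}

// Accept only a scalar string parameter; arrays and missing values are refused.
$raw  = $_GET['file'] ?? '';
$path = resolve_download(BASE_DIR, is_string($raw) ? $raw : '');
if ($path === null) {
    http_response_code(404);
    exit;
}
header('Content-Type: application/octet-stream');
// The header uses basename() of the resolved path, never the raw input.
header('Content-Disposition: attachment; filename="'
    . addcslashes(basename($path), "\"\\") . '"');
header('Content-Length: ' . filesize($path));
readfile($path);
```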
References
References:
- Cahier de textes Homepage (Cahier de textes)
- Cahier de texte V2.0 SQL Code Execution Exploit ([email protected])