cwmExplorer Index.PHP Source Code Information Disclosure Vulnerability

Bugtraq ID:	21683
Class:	Environment Error
CVE:	CVE-2006-6757
Remote:	Yes
Local:	No
Published:	Dec 20 2006 12:00AM
Updated:	Sep 05 2007 09:01PM
Credit:	ajann is credited with the discovery of this vulnerability.
Vulnerable:	cwm-design cwmExplorer 1.0
Not Vulnerable:	cwm-design cwmExplorer 2.0

cwmExplorer Index.PHP Source Code Information Disclosure Vulnerability

cwmExplorer is prone to an information-disclosure vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to retrieve script source code. Information obtained may aid in further attacks.

cwmExplorer 1.0 is vulnerable to this issue; other versions may also be affected.

cwmExplorer Index.PHP Source Code Information Disclosure Vulnerability

Attackers can exploit this issue via a web client.

The following proof-of-concept URI is available:

http://www.example.com/[path]/index.php?d=0&show_file=[file]

cwmExplorer Index.PHP Source Code Information Disclosure Vulnerability

Solution:
The vendor has released an update to address this issue.


cwm-design cwmExplorer 1.0

• cwm-design cwmExplorer.zip
  http://explorer.cwm-design.de/dir/28/cwmExplorer.zip

cwmExplorer Index.PHP Source Code Information Disclosure Vulnerability

References:

• cwmExplorer Web Site (cwmExplorer)