BID:22670

Pheap Edit.PHP Directory Traversal Vulnerability

Info

Pheap Edit.PHP Directory Traversal Vulnerability

Bugtraq ID:	22670
Class:	Input Validation Error
CVE:	CVE-2007-1140
Remote:	Yes
Local:	No
Published:	Feb 22 2007 12:00AM
Updated:	May 12 2015 07:34PM
Credit:	laurent gaffi is credited with the discovery of this vulnerability.
Vulnerable:	Pheap Pheap 2.0 Pheap Pheap 1.3 Pheap Pheap 1.1 Pheap Pheap 1.0

Not Vulnerable:

Discussion

Pheap Edit.PHP Directory Traversal Vulnerability

Pheap is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to retrieve and edit the contents of arbitrary files from the vulnerable system in the context of the affected application.

Exploit / POC

Pheap Edit.PHP Directory Traversal Vulnerability

Attackers may exploit this vulnerability via a web client.

The following proof-of-concept URI is available:

http://www.example.com/edit.php?em=file&filename=../../../../../../../../../../../../../etc/passwd

Solution / Fix

Pheap Edit.PHP Directory Traversal Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

References

Pheap Edit.PHP Directory Traversal Vulnerability

References:

Pheap Homepage (Pheap)
pheap [edit LFI] vulnerability (laurent gaffi)