Mask PHP File Manager Configuration Security Bypass Vulnerability
BID:29987
Info
Mask PHP File Manager Configuration Security Bypass Vulnerability
| Bugtraq ID: | 29987 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 27 2008 12:00AM |
| Updated: | Jun 30 2008 06:40PM |
| Credit: | The vendor reported this issue. |
| Vulnerable: |
mask PHP File Manager mPFM 2.4 |
| Not Vulnerable: |
mask PHP File Manager mPFM 2.5 |
Discussion
Mask PHP File Manager Configuration Security Bypass Vulnerability
Mask PHP File Manager is prone to a security-bypass vulnerability.
An attacker can exploit this issue to gain access to content contained in the application's configuration file; information obtained may lead to further attacks.
Mask PHP File Manager 2.4 is vulnerable; prior versions may also be affected.
Mask PHP File Manager is prone to a security-bypass vulnerability.
An attacker can exploit this issue to gain access to content contained in the application's configuration file; information obtained may lead to further attacks.
Mask PHP File Manager 2.4 is vulnerable; prior versions may also be affected.
Exploit / POC
Mask PHP File Manager Configuration Security Bypass Vulnerability
Attackers can exploit this issue through a browser.
Attackers can exploit this issue through a browser.
Solution / Fix
Mask PHP File Manager Configuration Security Bypass Vulnerability
Solution:
The vendor has released updates. Please see the references for more information.
mask PHP File Manager mPFM 2.4
Solution:
The vendor has released updates. Please see the references for more information.
mask PHP File Manager mPFM 2.4
-
mask PHP File Manager mpfm_v2.5.tar.gz
http://downloads.sourceforge.net/mpfm/mpfm_v2.5.tar.gz?modtime=1214481 986&big_mirror=0
References
Mask PHP File Manager Configuration Security Bypass Vulnerability
References:
References:
- mask PHP File Manager 2.5 Release Notes (mask PHP File Manager)
- mask PHP File Manager Homepage (mask PHP File Manager)