CF Image Hosting Script 'index.php' Local File Disclosure Vulnerability

Bugtraq ID:	39816
Class:	Design Error
CVE:
Remote:	Yes
Local:	No
Published:	Mar 29 2010 12:00AM
Updated:	Mar 29 2010 12:00AM
Credit:	Jiko
Vulnerable:	CodeFuture CF image Hosting Script 1.0
Not Vulnerable:	CodeFuture CF image Hosting Script 1.0.1

CF Image Hosting Script 'index.php' Local File Disclosure Vulnerability

CF Image Hosting Script is prone to a local file-disclosure vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker can exploit this vulnerability to obtain potentially sensitive information from local files on computers running the vulnerable application. This may aid in further attacks.

CF image Hosting Script 1.0 is vulnerable; other versions may also be affected.

CF Image Hosting Script 'index.php' Local File Disclosure Vulnerability

Attackers may exploit this issue through a browser.

CF Image Hosting Script 'index.php' Local File Disclosure Vulnerability

Solution:
Updates are available; please see the references for details.


CodeFuture CF image Hosting Script 1.0

• CodeFuture cf_image_host_v1.0.1.zip
  http://codefuture.co.uk/counter/?id=20

CF Image Hosting Script 'index.php' Local File Disclosure Vulnerability

References:

• CF Image Hosting Script Homepage (CodeFuture)