HP no Mawashimono Nikki Unspecified Directory Traversal Vulnerability
BID:50749
Info
| Bugtraq ID: | 50749 |
| Class: | Input Validation Error |
| CVE: | CVE-2011-4001 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 21 2011 12:00AM |
| Updated: | Nov 21 2011 12:00AM |
| Credit: | Masako Ohno |
| Vulnerable: | HP no Mawashimono Nikki 6.6, HP no Mawashimono Nikki 6.54, HP no Mawashimono Nikki 6.51, HP no Mawashimono Nikki 6.5 |
| Not Vulnerable: | HP no Mawashimono Nikki 6.61 |
Discussion
Nikki is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.
Exploiting this issue will allow an attacker to view arbitrary files within the context of the webserver. Information harvested may aid in launching further attacks.
Versions prior to Nikki 6.61 are vulnerable.
Exploit / POC
An attacker can exploit this issue with a web browser.
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
References
References:
- JVN#80081509 Nikki vulnerable to directory traversal (Masako Ohno)
- JVNDB-2011-000075 Nikki vulnerable to directory traversal (JVNDB)
- Nikki Homepage (HP no Mawashimono)