Enigma2 'file' Parameter Information Disclosure Vulnerability
BID:51330
Info
Enigma2 'file' Parameter Information Disclosure Vulnerability
| Bugtraq ID: | 51330 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 09 2012 12:00AM |
| Updated: | Jan 09 2012 12:00AM |
| Credit: | Todor Donev |
| Vulnerable: |
Enigma2 Enigma2 1.7 Enigma2 Enigma2 1.6 Enigma2 Enigma2 1.5 |
| Not Vulnerable: | |
Discussion
Enigma2 'file' Parameter Information Disclosure Vulnerability
Enigma2 is prone to an information-disclosure vulnerability because it fails to sufficiently validate user-supplied data.
An attacker can exploit this issue to download local files in the context of the webserver process. This may allow the attacker to obtain sensitive information; other attacks are also possible.
Enigma2 is prone to an information-disclosure vulnerability because it fails to sufficiently validate user-supplied data.
An attacker can exploit this issue to download local files in the context of the webserver process. This may allow the attacker to obtain sensitive information; other attacks are also possible.
Exploit / POC
Enigma2 'file' Parameter Information Disclosure Vulnerability
The following exploit code is available:
The following exploit code is available:
Solution / Fix
Enigma2 'file' Parameter Information Disclosure Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Enigma2 'file' Parameter Information Disclosure Vulnerability
References:
References:
- Enigma2 Homepage (Enigma2)