BID:51590

Cloupia FlexPod 'dir' Parameter File Disclosure Vulnerability

Info

Cloupia FlexPod 'dir' Parameter File Disclosure Vulnerability

Bugtraq ID:	51590
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Jan 20 2012 12:00AM
Updated:	Jan 20 2012 12:00AM
Credit:	Chris Rock, Kustodian
Vulnerable:	Cloupia FlexPod 0

Not Vulnerable:

Discussion

Cloupia FlexPod 'dir' Parameter File Disclosure Vulnerability

FlexPod is prone to a local file-disclosure vulnerability because it fails to adequately validate user-supplied input.

Exploiting this vulnerability would allow an attacker to obtain potentially sensitive information from local files on computers running the vulnerable application. This may aid in further attacks.

Exploit / POC

Cloupia FlexPod 'dir' Parameter File Disclosure Vulnerability

Attackers may exploit this issue through a browser.

Solution / Fix

Cloupia FlexPod 'dir' Parameter File Disclosure Vulnerability

Solution:
The vendor has released updates. Please see the references for details.

References

Cloupia FlexPod 'dir' Parameter File Disclosure Vulnerability

References:

FlexPod Homepage (cloupia)