Mathopd Directory Traversal Vulnerability
BID:51872
Info
Mathopd Directory Traversal Vulnerability
| Bugtraq ID: | 51872 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 02 2012 12:00AM |
| Updated: | Feb 02 2012 12:00AM |
| Credit: | Mateusz Goik |
| Vulnerable: |
Mathopd Mathopd 1.5p6 Mathopd Mathopd 1.4 |
| Not Vulnerable: |
Mathopd Mathopd 1.5p7 |
Discussion
Mathopd Directory Traversal Vulnerability
Mathopd is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.
Exploiting the issue may allow an attacker to obtain sensitive information that could aid in further attacks.
Versions prior to Mathopd 1.5p7 are vulnerable.
Mathopd is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.
Exploiting the issue may allow an attacker to obtain sensitive information that could aid in further attacks.
Versions prior to Mathopd 1.5p7 are vulnerable.
Exploit / POC
Mathopd Directory Traversal Vulnerability
Attackers can exploit this issue with a browser.
Attackers can exploit this issue with a browser.
Solution / Fix
Mathopd Directory Traversal Vulnerability
Solution:
Updates are available. Please see the references for more information.
Solution:
Updates are available. Please see the references for more information.
References
Mathopd Directory Traversal Vulnerability
References:
References:
- Mathopd Homepage (Mathopd)
- security alert: directory traversal when using * in Location (Mathopd)
- Mathopd - Directory Traversal Vulnerability (Mateusz Goik)