PT-2007-7101 · Kml Share · Kml Share
Gold_M
·
Publicado
2007-12-04
·
Atualizado
2017-09-29
·
CVE-2007-6212
CVSS v2.0
5.0
Média
| Vetor | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
KML share version 1.1
Description
A directory traversal issue exists, allowing remote attackers to read arbitrary files. This is achieved by using a .. (dot dot) in the
layer parameter of the region.php file.Recommendations
For KML share version 1.1, consider restricting access to the region.php file until a patch is available, or apply configuration changes to prevent directory traversal attacks, such as validating and sanitizing user input for the
layer parameter.Exploit
Correção
Path traversal
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Kml Share