PT-2009-2080 · Stefan Ott · Phpcksec
Publicado
2009-04-06
·
Atualizado
2017-08-17
·
CVE-2008-6610
CVSS v2.0
6.4
Média
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Stefan Ott phpcksec version 0.2.0
Description
The issue allows remote attackers to list arbitrary directories and read arbitrary files via a full pathname in the
file parameter. This is due to an absolute path traversal vulnerability in the phpcksec.php file.Recommendations
For version 0.2.0, avoid using the
file parameter with full pathnames until a fix is available. As a temporary workaround, consider restricting access to the phpcksec.php file to minimize the risk of exploitation.Exploit
Correção
Path traversal
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Phpcksec