PT-2009-3167 · Webframe · Webframe
Ahmadbady
·
Publicado
2009-02-11
·
Atualizado
2017-09-29
·
CVE-2009-0514
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
WebFrame version 0.76
Description
The issue allows remote attackers to include and execute arbitrary local files. This is achieved through directory traversal sequences in the
currentmod and LANG parameters to the "mod/index.php" endpoint.Recommendations
For WebFrame version 0.76, consider restricting access to the
mod/index.php endpoint until a patch is available. As a temporary workaround, avoid using the currentmod and LANG parameters in the affected endpoint to minimize the risk of exploitation.Exploit
Correção
Path traversal
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Webframe