PT-2010-1692 · Php Community · Phpcommunity 2

Drosophila

Publicado

2010-06-11

Atualizado

2018-10-10

CVE-2009-4886

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions phpCommunity 2 version 2.1.8

Description The issue allows remote attackers to read arbitrary files due to multiple directory traversal vulnerabilities. This is achieved by including a .. (dot dot) in the file parameter to "module/admin/files/show file.php" and the path parameter to "module/admin/files/show source.php".

Recommendations For phpCommunity 2 version 2.1.8, consider restricting access to the "module/admin/files/show file.php" and "module/admin/files/show source.php" until a patch is available. Avoid using the file and path parameters in the affected API endpoints until the issue is resolved.

Exploit

Correção

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

CVE-2009-4886

Produtos afetados

Phpcommunity 2

PT-2010-1692 · Php Community · Phpcommunity 2

CVE-2009-4886

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5