PT-2002-1890 · Gafware · Cfximage

Published: 2002-08-31 · Updated: 2008-09-05 · CVE-2002-0879

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Gafware CFXImage version 1.6.6
Description: The issue allows remote attackers to read arbitrary files. This can be achieved by providing a .. or a C: style pathname in the FILE parameter of the showtemp.cfm endpoint.
Recommendations: For version 1.6.6, avoid using the FILE parameter in the showtemp.cfm endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the showtemp.cfm endpoint to minimize the risk of exploitation.
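
Detection sketch for the condition described above, added here as an example and not taken from the advisory or the vendor: it scans web access logs for showtemp.cfm requests whose FILE value contains a parent-directory segment or a drive-letter path. The log format, sample lines, function names and the extra check for absolute paths are assumptions that go slightly beyond the two cases the description names.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed access-log lines (not from the advisory); file names are placeholders.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Sep/2002:10:00:01 +0000] "GET /cfximage/showtemp.cfm?FILE=thumb_0042.jpg HTTP/1.0" 200 5120',
    '198.51.100.9 - - [01/Sep/2002:10:00:05 +0000] "GET /cfximage/showtemp.cfm?FILE=..%5C..%5Cplaceholder.txt HTTP/1.0" 200 211',
    '198.51.100.9 - - [01/Sep/2002:10:00:06 +0000] "GET /cfximage/showtemp.cfm?file=C:%5Cplaceholder%5Cfile.txt HTTP/1.0" 200 98',
    '198.51.100.9 - - [01/Sep/2002:10:00:07 +0000] "GET /cfximage/showtemp.cfm?FILE=%252e%252e%252fplaceholder.txt HTTP/1.0" 200 98',
    '198.51.100.3 - - [01/Sep/2002:10:00:09 +0000] "GET /index.cfm?FILE=../placeholder.txt HTTP/1.0" 404 0',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
DRIVE_RE = re.compile(r'^[A-Za-z]:')

def suspicious_file_value(value):
    """Return a reason if a FILE value points outside the expected directory, else None."""
    # Decode until stable so double-encoded input (%252e%252e) is normalised too.
    prev = None
    while prev != value:
        prev, value = value, unquote(value)
    norm = value.replace('\\', '/')
    if DRIVE_RE.match(norm):
        return 'drive-letter path'
    if norm.startswith('/'):
        return 'absolute path'  # assumption: also covers UNC-style values
    if '..' in norm.split('/'):
        return 'parent-directory segment'
    return None

def scan(lines):
    """Return (line_number, reason, decoded_value) for each flagged showtemp.cfm request."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.lower().endswith('/showtemp.cfm'):
            continue
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            reason = suspicious_file_value(value) if name.lower() == 'file' else None
            if reason:
                hits.append((n, reason, value))
    return hits

if __name__ == '__main__':
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The same `suspicious_file_value` check can serve as a deny rule at a reverse proxy or request filter in front of showtemp.cfm while access to the endpoint is restricted.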


Related Identifiers: CVE-2002-0879

Affected Products: Cfximage