PT-2006-6774 · Unknown · Sisfo Kampus

Ang|N +1 · Published 2006-11-28 · Updated 2017-10-19 · CVE-2006-6138

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Sisfo Kampus version 0.8

Description: A directory traversal vulnerability in the "download.php" file allows remote attackers to list arbitrary directories via an absolute pathname in the dir parameter.

Recommendations: For Sisfo Kampus version 0.8, restrict access to the "download.php" file to minimize the risk of exploitation. Avoid using absolute pathnames in the dir parameter until the issue is resolved.
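
A server-side check that refuses absolute values of dir and confines directory listings to one base directory, shown as an added example. It is not Sisfo Kampus code; resolve_listing_dir() and the temporary root directory are hypothetical and constructed for illustration.

```php
<?php
// Added example, not Sisfo Kampus code. resolve_listing_dir() is a hypothetical helper.
declare(strict_types=1);

/**
 * Map a user-supplied "dir" value to a directory inside $root,
 * or return null if the request must be refused.
 */
function resolve_listing_dir(string $root, string $dir): ?string
{
    // NUL bytes and absolute paths (POSIX "/", Windows "\" or "C:") are never valid input.
    if (strpos($dir, "\0") !== false || preg_match('#^([/\\\\]|[A-Za-z]:)#', $dir)) {
        return null;
    }

    $rootReal = realpath($root);
    if ($rootReal === false) {
        return null; // misconfigured root: fail closed
    }

    // Always resolve relative to the root; realpath() collapses "..", "." and symlinks.
    $candidate = realpath($rootReal . DIRECTORY_SEPARATOR . $dir);
    if ($candidate === false || !is_dir($candidate)) {
        return null;
    }

    // Containment check on the canonical path, with a trailing separator so a
    // sibling such as "<root>-private" does not pass as a child of "<root>".
    $prefix = rtrim($rootReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($candidate !== $rootReal && strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

// Constructed demo: build a throwaway root and try three inputs.
$root = sys_get_temp_dir() . '/dl_root_' . bin2hex(random_bytes(4));
mkdir($root . '/docs', 0700, true);

foreach (['docs', '/etc', '../'] as $input) {
    $resolved = resolve_listing_dir($root, $input);
    printf("%-6s => %s\n", $input, $resolved ?? 'REFUSED');
}
```

The containment check runs on the canonical path returned by realpath(), so a relative value that climbs out of the root is refused the same way as an absolute one.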


Related Identifiers

CVE-2006-6138

Affected Products

Sisfo Kampus