PT-2006-7462 · Softartisans · Softartisans Fileup
Inge Henriksen
·
Published
2006-12-31
·
Updated
2018-10-17
·
CVE-2006-6865
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions:
SoftArtisans FileUp (SAFileUp) version 5.0.14
Description:
The issue allows remote attackers to read arbitrary files due to a directory traversal vulnerability. This is achieved by using a
%c0%ae (Unicode dot dot) in the path parameter, which bypasses checks for ".." sequences.Recommendations:
For SoftArtisans FileUp (SAFileUp) version 5.0.14, consider restricting access to the
util/viewsrc.asp file until a patch is available. As a temporary workaround, avoid using the path parameter with untrusted input in the util/viewsrc.asp file.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Softartisans Fileup