PT-2007-2045 · Webfwlog · Webfwlog

Gold_M

Published

2007-01-30

Updated

2018-08-13

CVE-2007-0585

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Webfwlog versions 0.92 and earlier

Description The issue allows remote attackers to obtain the source code of files when register globals is enabled. It is likely that this can be exploited to conduct directory traversal attacks, potentially using the conffile parameter.

Recommendations For Webfwlog versions 0.92 and earlier, consider disabling the register globals setting to mitigate the risk of exploitation. As a temporary workaround, restrict access to the include/debug.php file until a fix is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-0585

Affected Products

Webfwlog

PT-2007-2045 · Webfwlog · Webfwlog

CVE-2007-0585

Related Identifiers

Affected Products

References · 8