PT-2007-6749 · Fireconfig · Fireconfig

Gold_M

Published

2007-11-01

Updated

2017-09-29

CVE-2007-5782

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions FireConfig version 0.5

Description A directory traversal issue exists, allowing remote attackers to read arbitrary files. This is achieved by using a .. (dot dot) in the file parameter of the /dl.php endpoint.

Recommendations For FireConfig version 0.5, consider restricting access to the /dl.php endpoint until a fix is available, and avoid using the file parameter with untrusted input.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2007-5782

Affected Products

Fireconfig

PT-2007-6749 · Fireconfig · Fireconfig

CVE-2007-5782

Weakness Enumeration

Related Identifiers

Affected Products

References · 5