PT-2008-2113 · Web Wiz · Web Wiz Rich Text Editor

Published

2008-01-29

Updated

2018-10-15

CVE-2008-0481

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Web Wiz Rich Text Editor version 4.0

Description A directory traversal issue exists in the RTE file browser.asp file, allowing remote attackers to list arbitrary directories and access .txt and .zip files. This is achieved by manipulating the sub parameter in a save action with a sequence of directory traversal characters.

Recommendations For Web Wiz Rich Text Editor version 4.0, consider restricting access to the RTE file browser.asp file until a patch is available, or apply configuration changes to limit the ability to traverse directories via the sub parameter.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2008-0481

Affected Products

Web Wiz Rich Text Editor

PT-2008-2113 · Web Wiz · Web Wiz Rich Text Editor

CVE-2008-0481

Weakness Enumeration

Related Identifiers

Affected Products

References · 11