PT-2009-4701 · Unknown · Awesome Php Mega File Manager

Sirgod

Published

2009-06-30

Updated

2017-09-19

CVE-2009-2263

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Awesome PHP Mega File Manager version 1.0

Description The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter of the index.php file. In some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.

Recommendations For Awesome PHP Mega File Manager version 1.0, consider validating and sanitizing the page parameter in the index.php file to prevent directory traversal attacks. As a temporary workaround, restrict access to the index.php file until a patch is available.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2009-2263

Affected Products

Awesome Php Mega File Manager

PT-2009-4701 · Unknown · Awesome Php Mega File Manager

CVE-2009-2263

Weakness Enumeration

Related Identifiers

Affected Products

References · 4