PT-2010-1618 · Efs · Easy File Sharing Web Server

Mountassif Moad · Published 2010-04-23 · Updated 2017-09-19 · CVE-2009-4809

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions
Easy File Sharing (EFS) Web Server version 4.8

Description
A directory traversal issue exists in the thumbnail.ghp component, allowing remote attackers to read arbitrary files by including a .. (dot dot) in the vfolder parameter.

Recommendations
For Easy File Sharing (EFS) Web Server version 4.8, consider restricting access to the thumbnail.ghp component until a patch is available, and avoid using the vfolder parameter with untrusted input.
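
A log check for the issue described above, added here as an example and not taken from the advisory or the vendor: it scans access-log lines for thumbnail.ghp requests whose vfolder value contains a .. path segment after URL decoding. The log format (Common Log Format), the sample lines, the /other.ghp path and all function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample lines in Common Log Format (an assumption; not real
# EFS Web Server output). /other.ghp is a hypothetical page name.
SAMPLE_LOG = """\
198.51.100.7 - - [23/Apr/2010:10:01:12 +0000] "GET /thumbnail.ghp?vfolder=photos/2010 HTTP/1.1" 200 5120
198.51.100.9 - - [23/Apr/2010:10:02:40 +0000] "GET /thumbnail.ghp?vfolder=../../ HTTP/1.1" 200 734
198.51.100.9 - - [23/Apr/2010:10:02:44 +0000] "GET /thumbnail.ghp?vfolder=%2E%2E%2F HTTP/1.1" 200 734
203.0.113.4 - - [23/Apr/2010:10:03:02 +0000] "GET /other.ghp?vfolder=.. HTTP/1.1" 200 88
203.0.113.4 - - [23/Apr/2010:10:03:09 +0000] "GET /thumbnail.ghp?vfolder=my..album HTTP/1.1" 200 901
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so nested encodings are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_dotdot_segment(value):
    """True if any / or \\ separated segment is exactly '..'."""
    return ".." in re.split(r"[\\/]", fully_decode(value))

def find_traversal(log_text):
    """Return (client, request target) for suspicious thumbnail.ghp hits."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/thumbnail.ghp"):
            continue  # the advisory names only this component
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name == "vfolder" and has_dotdot_segment(value):
                hits.append((client, target))
    return hits

if __name__ == "__main__":
    for client, target in find_traversal(SAMPLE_LOG):
        print(f"possible traversal from {client}: {target}")
```

Matching on whole path segments keeps a folder name such as my..album from being flagged.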

Exploit

Fix

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2009-4809

Affected Products

Easy File Sharing Web Server