PT-2011-5131 · Unknown · Web File Browser

Sangyun Yoo · Published 2011-12-15 · Updated 2012-02-09 · CVE-2011-4831

CVSS v2.0: 4.0 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Web File Browser version 0.4b14

Description

The issue allows remote authenticated users to read arbitrary files. This is achieved by using a ..%2f (encoded dot dot) in the file parameter in a download action. The download action is part of the webFileBrowser.php file.

Recommendations

For Web File Browser version 0.4b14, consider restricting access to the webFileBrowser.php file until a patch is available. As a temporary workaround, avoid using the file parameter in the download action to minimize the risk of exploitation.
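
A defender-side check for the request pattern described above, added here as an example and not taken from the advisory or the project's code: it scans web-server access logs for requests to webFileBrowser.php whose file parameter decodes to a .. path segment. It goes beyond the single ..%2f case in the description by also normalizing double-encoded input. The log lines are constructed, and the act=download parameter name and the /wfb/ install path are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines (not real traffic). The "act=download"
# parameter name and the "/wfb/" path are assumptions made for this example.
SAMPLE_LOG = """\
192.0.2.10 - alice [15/Dec/2011:10:00:01 +0000] "GET /wfb/webFileBrowser.php?act=download&file=report.pdf HTTP/1.1" 200 5120
192.0.2.11 - bob [15/Dec/2011:10:00:07 +0000] "GET /wfb/webFileBrowser.php?act=download&file=..%2f..%2fsecret.txt HTTP/1.1" 200 812
192.0.2.12 - carol [15/Dec/2011:10:00:09 +0000] "GET /wfb/webFileBrowser.php?act=download&file=%252e%252e%252fsecret.txt HTTP/1.1" 200 812
192.0.2.13 - dave [15/Dec/2011:10:00:12 +0000] "GET /index.php?file=..%2fnotes.txt HTTP/1.1" 404 0
"""

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')  # ".." as a whole path segment

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalized too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_file_values(line):
    """Decoded 'file' values with a '..' segment, for webFileBrowser.php requests only."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith("/webfilebrowser.php"):
        return []
    values = parse_qs(url.query, keep_blank_values=True).get("file", [])
    return [d for d in map(fully_decode, values) if TRAVERSAL_RE.search(d)]

def scan(log_text):
    """Return (client_ip, decoded_value) for every flagged request."""
    findings = []
    for line in log_text.splitlines():
        for value in suspicious_file_values(line):
            findings.append((line.split(" ", 1)[0], value))
    return findings

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip}: traversal in file parameter -> {value}")
```
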

Exploit

Fix

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2011-4831

Affected Products

Web File Browser