PT-2012-1329 · Bitweaver · Bitweaver
Published
2012-03-19
·
Updated
2012-03-19
·
CVE-2010-5086
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Bitweaver versions 2.7 through 2.8.1
Description
A directory traversal issue exists, allowing remote attackers to read arbitrary files. This is achieved by using a .. (dot dot) in the
style parameter of the wiki/rankings.php file.Recommendations
For versions 2.7 through 2.8.1, consider restricting access to the wiki/rankings.php file until a patch is available. As a temporary workaround, avoid using the
style parameter in the wiki/rankings.php file to minimize the risk of exploitation.Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Bitweaver