Description
The sanitize function in Codoforum 2.5.1 does not properly implement filtering for directory traversal sequences, which allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to index.php.
References
- https://nvd.nist.gov/vuln/detail/CVE-2014-9261
- https://codoforum.com/documentation/roadmap
- http://osvdb.org/show/osvdb/119412
- http://packetstormsecurity.com/files/130739/Codoforum-2.5.1-Arbitrary-File-Download.html
- http://security.szurek.pl/codoforum-251-arbitrary-file-download.html
- http://www.exploit-db.com/exploits/36320
Related vulnerabilities
nvd
almost 11 years ago
The sanitize function in Codoforum 2.5.1 does not properly implement filtering for directory traversal sequences, which allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to index.php.