Exploit Bugzilla 3.1.4 - '--attach_path' Directory Traversal

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
32228
Проверка EDB
  1. Пройдено
Автор
ILJA VAN SPRUNDEL
Тип уязвимости
REMOTE
Платформа
LINUX
CVE
cve-2008-4437
Дата публикации
2008-08-12
XML:
source: https://www.securityfocus.com/bid/30661/info

Bugzilla is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input.

Exploiting this issue will allow an attacker to view arbitrary local files within the context of the server. Information harvested may aid in launching further attacks.

The following versions are affected:

Bugzilla 2.22.1 through 2.22.4
Bugzilla 2.23.3 and later

<data encoding="filename">../relative_path/to/local_file</data>
 
Источник
www.exploit-db.com

Похожие темы