source: https://www.securityfocus.com/bid/11057/info
It is reported that DMS is susceptible to a directory traversal vulnerability.
The issue is triggered by requesting files outside the application's webroot, using hex-encoded directory traversal character sequences to build a relative path to the target file.
This vulnerability will allow a remote attacker to retrieve potentially sensitive files, possibly aiding them in further system compromise.
Version 1.0.2 of the software is reported vulnerable to this issue. Other versions may also be affected.
http://www.example.com/%2E%2E%5Csystem.log
http://www.example.com/%2E%2E\system.log
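
A server-side check for the request pattern described above, as an added example (not code from DMS or from the advisory): it decodes the percent-escapes before validating, treats the backslash as a path separator, and refuses any request that would leave the webroot. The webroot path and the function name are assumptions made for illustration.

```python
import posixpath
from urllib.parse import urlsplit, unquote

WEBROOT = "/srv/dms/webroot"  # assumed webroot, not taken from the advisory


def resolve_request_path(url, webroot=WEBROOT):
    """Return the file path under webroot for a request URL, or None if unsafe."""
    # Decode first: a filter that runs before decoding never sees "..\"
    # in a request such as /%2E%2E%5Csystem.log.
    decoded = unquote(urlsplit(url).path)
    if "\x00" in decoded:
        return None
    # Windows file APIs accept both separators, so treat "\" like "/".
    unified = decoded.replace("\\", "/")
    segments = [s for s in unified.split("/") if s not in ("", ".")]
    # Reject parent-directory segments outright instead of trying to strip them.
    if ".." in segments:
        return None
    candidate = posixpath.normpath(posixpath.join(webroot, *segments))
    # Final containment check on the normalized result.
    if posixpath.commonpath([webroot, candidate]) != webroot:
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample requests; the first two are the forms shown above.
    samples = [
        "http://www.example.com/%2E%2E%5Csystem.log",
        "http://www.example.com/%2E%2E\\system.log",
        "http://www.example.com/docs/report.txt",
    ]
    for url in samples:
        print(url, "->", resolve_request_path(url))
```

The decoded path is validated exactly once here; any later layer that decodes the name again before opening the file would reintroduce the problem.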