source: https://www.securityfocus.com/bid/8745/info

It has been reported that MPWeb PRO may be prone to a directory traversal vulnerability that may allow an attacker to traverse outside the server root directory by using '/./../' character sequences. The issue is caused by insufficient sanitization of user-supplied input.

This vulnerability may be successfully exploited to gain sensitive information about a vulnerable host that could be used to launch further attacks against the system.

MPWeb PRO version 1.1.2 has been reported to be affected by this issue; however, other versions may be vulnerable as well.

http://www.example.com/./../mpweb.ini

http://www.example.com/./.././.././../winnt/repair/sam
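
The missing sanitization described above, shown as an added example that is not MPWeb PRO's code or part of the original advisory: `naive_map` models the unchecked path handling this bug class implies, and `safe_map` is the containment check a server should apply. `WEB_ROOT` and both function names are assumptions made for illustration.

```python
import posixpath
from urllib.parse import unquote, urlsplit

WEB_ROOT = "/srv/mpweb/htdocs"  # hypothetical document root (assumption)


def naive_map(root, url):
    """Vulnerable pattern: append the request path to the root unchecked."""
    return posixpath.normpath(root + urlsplit(url).path)


def safe_map(root, url):
    """Return the file path under root, or None if the request escapes it."""
    # Decode first, so %2e%2e is judged the same way as a literal '..'.
    path = unquote(urlsplit(url).path)
    # Reject alternate separators and NUL bytes instead of guessing intent.
    if "\\" in path or "\x00" in path:
        return None
    parts = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue              # '/./' and '//' add nothing
        if seg == "..":
            if not parts:
                return None       # would climb above the document root
            parts.pop()
        else:
            parts.append(seg)
    candidate = posixpath.join(root, *parts)
    # Second, independent check: the result must still sit under root.
    if posixpath.commonpath([root, candidate]) != root:
        return None
    return candidate


if __name__ == "__main__":
    # The two request URLs quoted in the advisory, plus one benign request.
    for url in ("http://www.example.com/./../mpweb.ini",
                "http://www.example.com/./.././.././../winnt/repair/sam",
                "http://www.example.com/docs/../index.html"):
        print(url, "| naive:", naive_map(WEB_ROOT, url),
              "| safe:", safe_map(WEB_ROOT, url))
```
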