EditTag 1.2 - 'edittag_mp.pl?file' Arbitrary File Disclosure
| EKU-ID: 34557 | CVE: CVE-2007-0118;OSVDB-33396 | OSVDB-ID: |
| Author: NetJackal | Published: 2007-01-05 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 34557 | CVE: CVE-2007-0118;OSVDB-33396 | OSVDB-ID: |
| Author: NetJackal | Published: 2007-01-05 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/21890/info EditTag is prone to multiple directory-traversal vulnerabilities because the application fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow a remote attacker to access any file on the affected webserver. Version 1.2 is vulnerable to this issue; other versions may also be affected. http://www.example.com/edittag/edittag_mp.pl?file=INJECT