header-logo
Suggest Exploit
vendor:
Yellow Duck Framework
by:
SecurityFocus
7,5
CVSS
HIGH
Local File Disclosure
200
CWE
Product Name: Yellow Duck Framework
Affected Version From: Beta1 2.0
Affected Version To: Beta1 2.0
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2012

Yellow Duck Framework Local File Disclosure Vulnerability

The Yellow Duck Framework is prone to a local file-disclosure vulnerability because it fails to adequately validate user-supplied input. Exploiting this vulnerability could allow an attacker to obtain potentially sensitive information from local files on computers running the vulnerable application. This may aid in further attacks.

Mitigation:

Input validation should be used to prevent attackers from exploiting this vulnerability.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/53674/info

The Yellow Duck Framework is prone to a local file-disclosure vulnerability because it fails to adequately validate user-supplied input.

Exploiting this vulnerability could allow an attacker to obtain potentially sensitive information from local files on computers running the vulnerable application. This may aid in further attacks.

Yellow Duck Framework Beta1 2.0 is vulnerable; other versions may also be affected. 

http://www.example.com/index.php?id=./database/config.php

Navigation

Suggest Exploit

Services By CQR