Vendor: CFXImage
By: SecurityFocus
CVSS: 4.3 (MEDIUM)
CWE: 22 (Directory Traversal)
Product Name: CFXImage
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002
Gafware’s CFXImage Directory Traversal Vulnerability
Gafware's CFXImage is a custom tag for ColdFusion. A program included with the CFXImage documentation doesn't properly filter its input. A flaw is reported in this program that allows a malicious user to read files outside of the permitted directory structure. By using directory traversal sequences (e.g. '/../', '..') or specifying a filename, an attacker can obtain files that may contain potentially sensitive information.
Mitigation:
Ensure that user input is properly sanitized and filtered to prevent directory traversal attacks.