vendor:
phpMyBackupPro
by:
Amol Naik
7.5
CVSS
HIGH
Arbitrary File Download
22
CWE
Product Name: phpMyBackupPro
Affected Version From: 2.1
Affected Version To: 2.1
Patch Exists: YES
Related CWE: N/A
CPE: a:phpmybackuppro:phpmybackuppro
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009
Arbitrary File Download in phpMyBackupPro
phpMyBackupPro is vulnerable to Arbitrary File Download. The parameter 'view' is not properly sanitized which results in Arbitrary file download. An attacker can exploit this vulnerability by sending a malicious HTTP request to the vulnerable page 'get_file.php' with the parameter 'view' set to the path of the file to be downloaded.
Mitigation:
The parameter 'view' should be properly sanitized to prevent Arbitrary File Download.