vendor:
Pagode
by:
GolD_M = [Mahmood_ali]
7.5
CVSS
HIGH
Remote File Disclosure
CWE
Product Name: Pagode
Affected Version From: 2000.5.8
Affected Version To: 2000.5.8
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
Pagode 0.5.8 Remote File Disclosure
The vulnerability allows an attacker to disclose files on the server by exploiting the 'navigator_ok.php' script in Pagode 0.5.8. By providing a specially crafted 'asolute' parameter in the URL, an attacker can read arbitrary files on the server, such as the '/etc/passwd' file.
Mitigation:
Update to a patched version of Pagode or apply appropriate security measures to prevent unauthorized access to sensitive files.