Vendor: cwmExplorer
By: ajann
CVSS: 5.5 (MEDIUM)
CWE: Source Code Disclosure
Product Name: cwmExplorer
Affected Version From: cwmExplorer 1.0
Affected Version To: cwmExplorer 1.0
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2006
cwmExplorer 1.0 (show_file) Source Code Disclosure Vulnerability
This vulnerability allows an attacker to disclose the source code of files in the cwmExplorer 1.0 application. The vulnerability exists in the show_file parameter, which is not properly sanitized before being used in a file inclusion operation. By manipulating the show_file parameter, an attacker can specify the path of any file on the server and view its source code.
Mitigation:
To mitigate this vulnerability, it is recommended to sanitize user input before using it in file inclusion operations. Additionally, access controls can be implemented to restrict access to sensitive files.
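One way to implement the input check and file restriction recommended above, as an added example; it is not cwmExplorer's code, which this page does not show. The function names, the base directory, the extension allow-list and the sample files are all assumptions constructed for the illustration.

```python
import os
import tempfile

ALLOWED_EXTENSIONS = {".txt", ".md", ".log"}  # assumed policy, not from the page


class RejectedPath(ValueError):
    """Raised when a requested path violates the policy."""


def resolve_show_file(base_dir: str, show_file: str) -> str:
    """Map an untrusted show_file value to a real path inside base_dir."""
    if not show_file or "\x00" in show_file:
        raise RejectedPath("empty value or NUL byte")
    base = os.path.realpath(base_dir)
    # realpath collapses ".." and follows symlinks, so the containment
    # check below is made on the file that would actually be opened.
    candidate = os.path.realpath(os.path.join(base, show_file))
    if os.path.commonpath([base, candidate]) != base:
        raise RejectedPath("path escapes the base directory")
    if os.path.splitext(candidate)[1].lower() not in ALLOWED_EXTENSIONS:
        raise RejectedPath("extension not on the allow-list")
    if not os.path.isfile(candidate):
        raise RejectedPath("not a regular file")
    return candidate


def demo() -> dict:
    """Run constructed requests against a constructed directory tree."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        public = os.path.join(root, "public")
        os.mkdir(public)
        files = {"public/readme.txt": "hello", "public/index.php": "<?php ?>",
                 "config.txt": "secret"}
        for rel, body in files.items():
            with open(os.path.join(root, rel), "w") as fh:
                fh.write(body)
        requests = {"plain": "readme.txt", "source": "index.php",
                    "traversal": "../config.txt",
                    "absolute": os.path.join(root, "config.txt")}
        for label, value in requests.items():
            try:
                resolve_show_file(public, value)
                results[label] = "served"
            except RejectedPath as exc:
                results[label] = str(exc)
    return results
```

Checking containment on the resolved path, rather than filtering strings such as `../` out of the input, is what keeps encoded or symlinked variants from slipping through.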