Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6114
Vulnerability in Xinkaa WEB Station - exploit.company
header-logo
Suggest Exploit
vendor:
WEB Station
by:
Unknown
4.3
CVSS
MEDIUM
Path Traversal
22
CWE
Product Name: WEB Station
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: No
Related CWE:
CPE: a:xinkaa:web_station
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

Vulnerability in Xinkaa WEB Station

A vulnerability has been identified in the handling of certain types of requests by Xinkaa WEB Station. Because of this, it is possible for an attacker to gain access to potentially sensitive system files.

Mitigation:

Apply the latest security patches and updates from the vendor. Restrict access to the affected files and directories. Use input validation techniques to prevent path traversal attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/12606/info

A vulnerability has been identified in the handling of certain types of requests by Xinkaa WEB Station. Because of this, it is possible for an attacker to gain access to potentially sensitive system files.

Read privileges granted to these files would be restricted by the permissions of the web server process.

http://www.example.com/../../../file
http://www.example.com/..\..\..\file