Vendor: Sisfo Kampus
CVSS: 5.5 (MEDIUM)
CWE: Arbitrary File Download
Product Name: Sisfo Kampus
Affected Version From: SisfoKampus 2006
Affected Version To:
Patch Exists: NO

Arbitrary File Download Vulnerability in Sisfo Kampus

Sisfo Kampus is prone to an arbitrary file download vulnerability caused by insufficient sanitization of user-supplied input. An attacker can exploit it to download arbitrary files within the context of the webserver process, potentially leading to further attacks.

Mitigation:

To mitigate this vulnerability, implement proper validation and sanitization of user-supplied input so that it cannot be used to download arbitrary files.
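
One way to apply that validation to a download handler that takes a file name in a request parameter such as `f`, as an added example that is not Sisfo Kampus code. The function name `resolve_download()`, the dedicated downloads directory and the extension allowlist are assumptions; the demo files are constructed.

```php
<?php
// Added example, not Sisfo Kampus code. resolve_download(), the downloads
// directory and the extension allowlist are assumptions for illustration.

function resolve_download(string $baseDir, string $requested): ?string
{
    // Allowlist the name itself: one path component, known-safe characters,
    // and only extensions the feature is meant to hand out.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\.(pdf|txt|csv)\z/', $requested)) {
        return null;
    }
    // Canonicalise both paths; realpath() resolves symlinks and returns
    // false when the target does not exist.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    // The canonical target must still sit inside the download directory.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo tree: a config file beside a dedicated downloads directory.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'sk_demo_' . getmypid();
mkdir($root . '/downloads', 0700, true);
file_put_contents($root . '/connectdb.php', "<?php // constructed config\n");
file_put_contents($root . '/downloads/report.txt', "constructed report\n");
// A symlink with an allowed name that points outside the directory.
@symlink($root . '/connectdb.php', $root . '/downloads/link.txt');

// Constructed values for the "f" parameter.
foreach (['report.txt', 'connectdb.php', '../connectdb.php', 'link.txt'] as $f) {
    $path = resolve_download($root . '/downloads', $f);
    printf("%-18s %s\n", $f, $path === null ? 'rejected' : 'served');
}
```

In a handler, a `null` result maps to a 404 response and only the returned canonical path is passed to `readfile()`.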

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/25617/info


Sisfo Kampus is prone to an arbitrary-file-download vulnerability because the application fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue to download arbitrary files within the context of the webserver process. Information obtained may aid in further attacks.

This issue affects SisfoKampus 2006; other versions may also be vulnerable.

http://www.example.com/dwoprn.php?f=connectdb.php