vendor:
AssetMan
by:
BorN To K!LL
5.5
CVSS
MEDIUM
Remote File Disclosure
22
CWE
Product Name: AssetMan
Affected Version From: 2.4a
Affected Version To: 2.4a
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
AssetMan 2.4a <= (download_pdf.php) Remote File Disclosure Vulnerability
The download_pdf.php script in AssetMan 2.4a allows remote attackers to read arbitrary files via a .. (dot dot) in the pdf_file parameter.
Mitigation:
Update to a patched version of AssetMan.