CARateMySite 1.0 - Directory Traversal Vulnerability

vendor:

CARateMySite

by:

milw0rm

7.5

CVSS

HIGH

Directory Traversal

CWE

Product Name: CARateMySite

Affected Version From: 1

Affected Version To: 1

Patch Exists: YES

Related CWE: CVE-2008-6133

CPE: a:caratemyweb:caratemyweb:1.0

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2008

CARateMySite 1.0 – Directory Traversal Vulnerability

CARateMySite version 1.0 suffers from a directory traversal vulnerability. This allows an attacker to read arbitrary files from the web server. The vulnerability is due to a lack of proper sanitization of user-supplied input to the '_private/CARateMySite.mdb' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing directory traversal characters.

Mitigation:

Upgrade to the latest version of CARateMySite.

Source

CARateMySite 1.0 – Directory Traversal Vulnerability

Mitigation:

Exploit-DB raw data: