Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6114
Directory Traversal Vulnerability in Sentinel Protection Server and Keys Server - exploit.company
header-logo
Suggest Exploit
vendor:
Protection Server and Keys Server
by:
Unknown
5.5
CVSS
MEDIUM
Directory Traversal
22
CWE
Product Name: Protection Server and Keys Server
Affected Version From: 7.0.0
Affected Version To: 7.4.2000
Patch Exists: NO
Related CWE: Unknown
CPE: a:sentinel:protection_server:7.0.0cpe:/a:sentinel:protection_server:7.1.0cpe:/a:sentinel:protection_server:7.2.0cpe:/a:sentinel:protection_server:7.3.0cpe:/a:sentinel:protection_server:7.4.0cpe:/a:sentinel:keys_server:1.0.3
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

Directory Traversal Vulnerability in Sentinel Protection Server and Keys Server

The Sentinel Protection Server and Keys Server are vulnerable to a directory-traversal vulnerability. This vulnerability occurs due to insufficient sanitization of user-supplied input data. An attacker can exploit this vulnerability to access sensitive information, which can be used for further attacks.

Mitigation:

It is recommended to update to the latest version of Protection Server and Keys Server to mitigate this vulnerability. Additionally, input validation should be implemented to sanitize user-supplied input.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/26583/info

Sentinel Protection Server and Keys Server are prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.

Exploiting this issue may allow an attacker to access sensitive information that could aid in further attacks.

This issue affects Protection Server 7.0.0 through 7.4.0, and Keys Server 1.0.3; earlier versions may also be vulnerable. 

http://www.example.com:6002/../../../../../../boot.ini
http://www.example.com:7002/../../../../../../winnt/repair/sam

Navigation

Suggest Exploit

Services By CQR