header-logo
Suggest Exploit
vendor:
EasyITSP
by:
SecurityFocus
4,3
CVSS
MEDIUM
Directory Traversal
22
CWE
Product Name: EasyITSP
Affected Version From: 2.0.7
Affected Version To: 2.0.7
Patch Exists: NO
Related CWE: N/A
CPE: a:easyitsp:easyitsp
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2012

EasyITSP Directory Traversal Vulnerability

EasyITSP is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. Remote attackers can use specially crafted requests with directory-traversal sequences ('../') to access arbitrary files in the context of the application. This may aid in further attacks.

Mitigation:

Input validation should be used to prevent directory traversal attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/57741/info

EasyITSP is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. 

Remote attackers can use specially crafted requests with directory-traversal sequences ('../') to access arbitrary files in the context of the application. This may aid in further attacks. 

EasyITSP 2.0.7 and prior versions are vulnerable.


http://www.example.com/WEB/customer/voicemail.php?currentpage=phones&folder=../../

Navigation

Suggest Exploit

Services By CQR