header-logo
Suggest Exploit
vendor:
eshtry CMS
by:
SecurityFocus
8,8
CVSS
HIGH
Local File Disclosure
200
CWE
Product Name: eshtry CMS
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: No
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2012

eshtery CMS Local File Disclosure Vulnerability

eshtry CMS is vulnerable to a local file disclosure vulnerability due to its failure to properly validate user-supplied input. An attacker can exploit this vulnerability by sending a specially crafted request to the vulnerable application, which will allow them to view the contents of local files on the server.

Mitigation:

Ensure that user-supplied input is properly validated before being used in the application.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/65740/info

eshtery CMS is prone to a local file-disclosure vulnerability because it fails to adequately validate user-supplied input.

Exploiting this vulnerability would allow an attacker to obtain potentially sensitive information from local files on computers running the vulnerable application. This may aid in further attacks. 

 http://www.example.com/[path]/FileManager.aspx?file=E:\web\admin.asp

Navigation

Suggest Exploit

Services By CQR