vendor: ext 1.0 alpha1
by: Alkomandoz Hacker
CVSS: 5.5 (MEDIUM)
Remote File Disclosure
CWE: 22
Product Name: ext 1.0 alpha1
Affected Version From: ext 1.0 alpha1
Affected Version To: ext 1.0 alpha1
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
ext 1.0 alpha1 (feed-proxy.php) Remote File Disclosure
This vulnerability allows an attacker to disclose files remotely using the feed-proxy.php script in ext 1.0 alpha1. By manipulating the 'feed' parameter in the URL, an attacker can access sensitive files on the server, such as /etc/passwd.
Mitigation:
To mitigate this vulnerability, the vendor should release a patch that properly validates user input and prevents directory traversal attacks. In the meantime, users are advised to restrict access to the affected script or remove it entirely if not needed.
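One way to do the input validation the mitigation calls for, as an added example that is not code from ext or from the original advisory. It assumes feed-proxy.php is only meant to fetch remote feeds over HTTP(S); the function name and the host allowlist are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist of feed hosts the proxy may contact (assumption).
const ALLOWED_FEED_HOSTS = ['feeds.example.org', 'blog.example.com'];

/**
 * Return a rebuilt URL if $feed is acceptable, or null to reject it.
 * Anything that is not an absolute http(s) URL on an allowlisted host is
 * refused, so local paths and other stream wrappers never reach the
 * file-reading code.
 */
function validate_feed_url(mixed $feed, array $allowedHosts = ALLOWED_FEED_HOSTS): ?string
{
    if (!is_string($feed) || $feed === '' || strlen($feed) > 2048) {
        return null;
    }
    if (preg_match('/[\x00-\x1F\x7F]/', $feed)) {   // NUL bytes, CR/LF, other controls
        return null;
    }
    $p = parse_url($feed);
    if ($p === false || !isset($p['scheme'], $p['host'])) {
        return null;                                 // relative or local path
    }
    $scheme = strtolower($p['scheme']);
    $host   = strtolower($p['host']);
    if (!in_array($scheme, ['http', 'https'], true)) {
        return null;                                 // file://, php://, ...
    }
    if (isset($p['user']) || isset($p['pass'])) {
        return null;                                 // no embedded credentials
    }
    if (!in_array($host, $allowedHosts, true)) {
        return null;
    }
    if (isset($p['port']) && !in_array($p['port'], [80, 443], true)) {
        return null;
    }
    // Rebuild from the parsed parts instead of passing the raw input through.
    $url = $scheme . '://' . $host . (isset($p['port']) ? ':' . $p['port'] : '');
    $url .= $p['path'] ?? '/';
    return isset($p['query']) ? $url . '?' . $p['query'] : $url;
}

// Constructed sample inputs; only the last one is accepted.
foreach (['/etc/passwd', '../../etc/passwd', 'file:///etc/passwd',
          'http://feeds.example.org/rss.xml'] as $feed) {
    printf("%-36s => %s\n", $feed, validate_feed_url($feed) ?? 'REJECTED');
}
```

The HTTP client that fetches the validated URL should not follow redirects to hosts outside the allowlist.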