Vendor: GCP 2.0 datasets
By: R3VAN_BASTARD
CVSS: 8.8 (HIGH)
Local File Inclusion
CWE: 22
Product Name: GCP 2.0 datasets
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020
GCP 2.0 datasets provided as BioCASE web services
The vulnerability exists in the ‘app’ parameter of the ‘index.php’ file. An attacker can exploit this vulnerability by sending a crafted request to the vulnerable server. The attacker can include a malicious file from the server by using the ‘../’ directory traversal technique. This can lead to the disclosure of sensitive information from the server.
Mitigation:
The application should validate the user input and filter out any malicious characters. The application should also restrict the user from accessing any sensitive files.
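
One way to apply this mitigation to the 'app' parameter, as an added example that is not code from the affected application: an exact-match allowlist followed by a canonical-path containment check. The function name `resolve_app()`, the module name `querytool` and the directory layout are hypothetical, the sample inputs are constructed, and PHP 8.0 or later is assumed.

```php
<?php
declare(strict_types=1);

// Hypothetical names throughout: resolve_app(), the module list and the
// directory layout are assumptions, not taken from the affected application.

/** Return the canonical path of an allowed module, or null to reject. */
function resolve_app(mixed $app, string $baseDir, array $allowed): ?string
{
    // Reject non-strings (e.g. app[]=x) and anything not on the allowlist.
    // Exact matching means '../' sequences, absolute paths, NUL bytes and
    // stream wrappers can never pass, however the value was encoded.
    if (!is_string($app) || !in_array($app, $allowed, true)) {
        return null;
    }
    // Defence in depth: canonicalise and confirm containment, so a symlink
    // or a careless allowlist entry still cannot leave the base directory.
    $base   = realpath($baseDir);
    $target = realpath($baseDir . DIRECTORY_SEPARATOR . $app . '.php');
    if ($base === false || $target === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($target, $prefix, strlen($prefix)) === 0 ? $target : null;
}

// --- Constructed demo: temporary module directory and sample inputs ---
$baseDir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'lfi_demo_' . getmypid();
mkdir($baseDir);
file_put_contents($baseDir . '/querytool.php', "<?php echo 'querytool loaded';\n");
$allowed = ['querytool'];

$samples = ['querytool', '../../../../etc/passwd', '/etc/passwd',
            'querytool/../../secret', "querytool\0", ['querytool']];
foreach ($samples as $input) {
    $path  = resolve_app($input, $baseDir, $allowed);
    $label = json_encode($input, JSON_UNESCAPED_SLASHES);
    printf("%-32s => %s\n", $label, $path === null ? 'rejected' : 'accepted');
}

// In index.php the call would be (paths assumed):
//   $path = resolve_app($_GET['app'] ?? null, __DIR__ . '/apps', $allowed);
//   if ($path === null) { http_response_code(400); exit; }
//   require $path;

unlink($baseDir . '/querytool.php');
rmdir($baseDir);
```

Run from the command line, only the first sample is accepted; every other input is rejected before any path is built from it.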