Vendor: ImageFolio
By: SecurityFocus
CVSS: 7.5 (HIGH)
CWE: 22 (Directory Traversal)
Product Name: ImageFolio
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002
ImageFolio ‘admin.cgi’ Directory Traversal Vulnerability
ImageFolio 'admin.cgi' has been reported prone to a directory traversal vulnerability. By supplying directory traversal sequences in a URI parameter passed to the 'admin.cgi' script, an attacker may break out of the web root directory. Successful exploitation may expose sensitive information to remote attackers. This information could be used to aid in further attacks against the affected system.
Mitigation:
Ensure that user input is properly sanitized and validated before being used in a filesystem operation.
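One way to apply this mitigation, shown as an added example that is not ImageFolio code: canonicalize the requested path and confirm it still lies under the web root before any filesystem call. The parameter name `dir`, the function names and the temporary web root are assumptions made for illustration.

```python
import os
import tempfile
from urllib.parse import parse_qs


class TraversalError(ValueError):
    """Raised when a requested path resolves outside the allowed root."""


def resolve_under_root(root, user_path):
    """Return the canonical path for user_path, or raise if it leaves root."""
    if "\x00" in user_path:
        raise TraversalError("NUL byte in path")
    root_real = os.path.realpath(root)
    # realpath collapses ".." segments and follows symlinks, so the comparison
    # below is made on the location the filesystem would actually open.
    candidate = os.path.realpath(os.path.join(root_real, user_path))
    # An absolute user_path replaces root in join(); the check catches that too.
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise TraversalError("path escapes root: %r" % user_path)
    return candidate


def path_from_query(root, query_string, param="dir"):
    """Extract the (hypothetical) path parameter and validate it."""
    # parse_qs percent-decodes once, so "%2e%2e%2f" is checked as "../".
    values = parse_qs(query_string, keep_blank_values=True).get(param, [""])
    return resolve_under_root(root, values[0])


def demo():
    """Run constructed query strings against a throwaway web root."""
    samples = ("dir=gallery", "dir=../../etc", "dir=%2e%2e%2f%2e%2e%2fetc",
               "dir=/etc/passwd", "dir=gallery/../..", "dir=out", "dir=a%00b")
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "webroot")
        os.makedirs(os.path.join(root, "gallery"))
        # Symlink inside the root that points outside it.
        os.symlink(tmp, os.path.join(root, "out"))
        for qs in samples:
            try:
                path_from_query(root, qs)
                results[qs] = "allowed"
            except TraversalError:
                results[qs] = "rejected"
    return results


if __name__ == "__main__":
    for query, verdict in demo().items():
        print(verdict, query)
```

The check compares resolved paths rather than filtering "../" strings, so encoded sequences, absolute paths and symlinks are all judged by where they actually point.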