header-logo
Suggest Exploit
vendor:
N/A
by:
SecurityFocus
7.5
CVSS
HIGH
Directory Traversal
22
CWE
Product Name: N/A
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Lack of Access Validation to ‘_admin’ Directory

Due to a lack of access validation to the '_admin' directory, malevolent users may be able to execute arbitrary admin scripts. This may allow a malicious user to upload arbitrary files to the affected system and gain access to files outside of the web server root directory. There may also be other consequences associated with this vulnerability.

Mitigation:

Ensure that access to the '_admin' directory is properly restricted and that all scripts are validated before execution.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/9537/info

Due to a lack of access validation to the '_admin' directory, malevolent users may be able to execute arbitrary admin scripts. This may allow a malicious user to upload arbitrary files to the affected system and gain access to files outside of the web server root directory. There may also be other consequences associated with this vulnerability. 

http://www.example.org/_admin/
http://www.example.org/_admin/list_all.php?folder=../
http://www.example.org/_admin/upload.php

Navigation

Suggest Exploit

Services By CQR