Vendor: LinuxStat
By: Unknown
CVSS: 5.5 (MEDIUM)
Type: Directory Traversal
CWE: 22
Product Name: LinuxStat
Affected Version From: Versions prior to 2.3.1
Affected Version To: Unknown
Patch Exists: YES
Related CWE: Unknown
CPE: a:linuxstat:linuxstat
Metasploit:
Other Scripts:
Platforms Tested: Unknown

LinuxStat Directory Traversal Vulnerability

LinuxStat contains a directory traversal vulnerability. By placing '../' directory traversal sequences in the affected URI argument, an attacker can cause the contents of potentially sensitive files readable by the web server to be included in the output of the requested page. The resulting information disclosure can support further attacks.

Mitigation:

Upgrade to LinuxStat version 2.3.1 or later to mitigate this vulnerability.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/11517/info

It is reported that LinuxStat is vulnerable to a directory traversal vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input.

By including '../' directory traversal sequences in the affected URI argument, attackers may reportedly cause the contents of arbitrary, potentially sensitive web-server readable files to be included in the output of the requested page. The resulting information disclosure may aid malicious users in further attacks.

Versions prior to 2.3.1 are reported to be affected by this vulnerability.

http://www.example.com/lstat/lstat.cgi?obj=wg104&template=../../../../../../../../etc/passwd&from=-1m&to=now
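
For hosts that ran a version prior to 2.3.1, web access logs can be reviewed for requests of the shape shown above. The following is an added example, not part of the original advisory or of LinuxStat: it flags requests to lstat.cgi whose template argument contains a '..' path segment, including percent-encoded forms. The log lines, the combined log format and the template name "default" are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed access-log lines (combined log format), for illustration only.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Nov/2004:10:00:01 +0000] "GET /lstat/lstat.cgi?obj=wg104&template=default&from=-1m&to=now HTTP/1.1" 200 5120
192.0.2.44 - - [01/Nov/2004:10:00:07 +0000] "GET /lstat/lstat.cgi?obj=wg104&template=../../../../etc/passwd&from=-1m&to=now HTTP/1.1" 200 1873
192.0.2.44 - - [01/Nov/2004:10:00:09 +0000] "GET /lstat/lstat.cgi?obj=wg104&template=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 1873
192.0.2.44 - - [01/Nov/2004:10:00:12 +0000] "GET /lstat/lstat.cgi?obj=wg104&template=%252e%252e%252fetc%252fpasswd HTTP/1.1" 404 210
192.0.2.10 - - [01/Nov/2004:10:01:00 +0000] "GET /index.html?template=../x HTTP/1.1" 200 300
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def fully_decode(value, max_rounds=3):
    # Undo repeated percent-encoding so %252e%252e is seen as "..".
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    # True when any path segment of the decoded value is "..".
    segments = fully_decode(value).replace("\\", "/").split("/")
    return ".." in segments

def find_traversal_requests(log_text, script="lstat.cgi", param="template"):
    # Returns (client, status, decoded value); a 2xx status deserves first look.
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/" + script):
            continue
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name == param and is_traversal(value):
                hits.append((client, int(status), fully_decode(value)))
    return hits

if __name__ == "__main__":
    for hit in find_traversal_requests(SAMPLE_LOG):
        print(hit)
```

The request regex assumes the combined log format; adjust it if the server logs a different layout.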