vendor:
Mereo
by:
Cyber-Zone (ABDELKHALEK)
7,5
CVSS
HIGH
Arbitrary File Disclosure
200
CWE
Product Name: Mereo
Affected Version From: 1.8.0
Affected Version To: 1.8.0
Patch Exists: NO
Related CWE: N/A
CPE: a:mereo:mereo:1.8.0
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2009
Mereo 1.8.0 Arbitrary File Disclosure Exploit
This exploit allows an attacker to access arbitrary files on the vulnerable server. The attacker can use this exploit to gain access to sensitive information such as configuration files, source code, etc.
Mitigation:
Ensure that the web server is configured to only serve files from the intended directory and that the web server is not configured to serve files with extensions that are not intended to be served.