Vendor: Mihalism Multi Host
By: Unknown
CVSS: 7.5 (HIGH)
Remote File Disclosure
CWE: 22
Product Name: Mihalism Multi Host
Affected Version From: Mihalism Multi Host v2.0.7
Affected Version To: Mihalism Multi Host v2.0.7
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
Mihalism Multi Host v2.0.7 download.php Remote File Disclosure Vuln
The vulnerability allows an attacker to disclose files on the remote server by exploiting the 'download.php' script. By manipulating the 'file' parameter and using directory traversal techniques, an attacker can access sensitive files such as the '/etc/passwd' file.
Mitigation:
To mitigate this vulnerability, the 'file' parameter handled by the 'download.php' script should be properly validated and sanitized to prevent directory traversal attacks. Additionally, access control should be implemented to restrict unauthorized access to sensitive files.
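
The validation described above, sketched as an added example (this is not Mihalism Multi Host code): the handler canonicalizes the requested path and serves it only if it still lies inside the storage directory. `UPLOAD_DIR` and `resolve_download()` are hypothetical names, and the directory path is an assumption.

```php
<?php
// Added example: hypothetical hardened download handler, not the project's code.
const UPLOAD_DIR = '/var/www/uploads';   // assumed storage directory

/**
 * Map a user-supplied 'file' value to a real file inside $baseDir,
 * or return null if the request must not be served.
 */
function resolve_download(string $requested, string $baseDir): ?string
{
    // Reject empty names and NUL bytes before touching the filesystem.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() resolves "..", "." and symlinks, and returns false
    // when the target does not exist.
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($candidate === false || !is_file($candidate)) {
        return null;
    }
    // Containment check on the canonical path. The trailing separator
    // stops "/var/www/uploads_private" from matching "/var/www/uploads".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

// Array-valued input (?file[]=x) is treated as invalid rather than cast.
$raw  = $_GET['file'] ?? '';
$path = is_string($raw) ? resolve_download($raw, UPLOAD_DIR) : null;
if ($path === null) {
    // Same response for "missing" and "outside the directory", so the
    // handler does not reveal which paths exist elsewhere on the server.
    http_response_code(404);
    exit;
}
header('Content-Type: application/octet-stream');
header('X-Content-Type-Options: nosniff');
header("Content-Disposition: attachment; filename*=UTF-8''" . rawurlencode(basename($path)));
readfile($path);
```

The check runs on the canonical path rather than on the raw string, so encoded or nested traversal sequences that survive a blacklist filter still fail the containment test.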