vendor: ModuleBuilder
by: Unknown
CVSS: 5.5 (MEDIUM)
Remote File Disclosure
CWE: 200
Product Name: ModuleBuilder
Affected Version From: ModuleBuilder V1.0
Affected Version To: ModuleBuilder V1.0
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
ModuleBuilder V1.0 (file) Remote File Disclosure Vulnerability
This vulnerability allows an attacker to disclose arbitrary files on the server. By manipulating the 'file' parameter in the URL, an attacker can traverse directories and access sensitive files. In this case, the attacker is able to access the '/etc/passwd' file. This vulnerability was published on milw0rm.com on October 31, 2007.
Mitigation:
To mitigate this vulnerability, sanitize user input and validate file paths before accessing files on the server. Additionally, implement access controls to restrict unauthorized access to sensitive files.
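One way to implement the path validation recommended above, as an added example that is not ModuleBuilder's code and not part of the original advisory. The language (Python), the names `resolve_requested_file` and `PathRejected`, the directory layout and the sample `file` values are all assumptions constructed for illustration.

```python
import os
import tempfile

class PathRejected(ValueError):
    """Raised when a requested file falls outside the allowed base directory."""

def resolve_requested_file(base_dir, requested):
    """Map an untrusted 'file' parameter to a real path inside base_dir, or raise."""
    if not requested or "\x00" in requested:
        raise PathRejected("empty value or NUL byte")
    base = os.path.realpath(base_dir)
    # realpath collapses ".." and follows symlinks, so the check is made
    # on the final target rather than on the string the client sent.
    candidate = os.path.realpath(os.path.join(base, requested))
    # os.path.join drops base when 'requested' is absolute; commonpath catches that too.
    if os.path.commonpath([base, candidate]) != base:
        raise PathRejected("resolves outside base directory")
    if not os.path.isfile(candidate):
        raise PathRejected("not a regular file")
    return candidate

def demo():
    """Build a constructed directory tree and classify sample 'file' values."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "modules")
        os.makedirs(os.path.join(base, "docs"))
        with open(os.path.join(base, "docs", "readme.txt"), "w") as fh:
            fh.write("public\n")
        with open(os.path.join(root, "secret.txt"), "w") as fh:
            fh.write("private\n")
        # A symlink inside the base that points outside it must also be refused.
        os.symlink(os.path.join(root, "secret.txt"), os.path.join(base, "link.txt"))
        samples = ["docs/readme.txt", "../secret.txt", "docs/../../secret.txt",
                   "/etc/passwd", "link.txt", "docs/readme.txt\x00.png"]
        for value in samples:
            try:
                resolve_requested_file(base, value)
                results[value] = "allowed"
            except PathRejected as exc:
                results[value] = f"rejected: {exc}"
    return results

if __name__ == "__main__":
    for value, verdict in demo().items():
        print(repr(value), "->", verdict)
```

The check compares resolved paths rather than filtering substrings such as `../`, so encoded or nested traversal sequences that survive a string filter are still refused once the path is resolved.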