vendor:
Netref 4
by:
ajann
7,5
CVSS
HIGH
Source Code Disclosure
200
CWE
Product Name: Netref 4
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Unknown
Netref 4 (cat_for_aff.php) Source Code Disclosure
Netref 4 (cat_for_aff.php) is vulnerable to source code disclosure. An attacker can exploit this vulnerability by sending a crafted request to the vulnerable script with the parameter 'ad_direct' set to the path of the file to be disclosed. This will allow the attacker to view the source code of the file.
Mitigation:
Ensure that the application is not vulnerable to source code disclosure by validating user input and restricting access to sensitive files.
