header-logo
Suggest Exploit
vendor:
by:
7.5
CVSS
HIGH
Directory Traversal
22
CWE
Product Name:
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Pheap Directory Traversal Vulnerability

Pheap is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve and edit the contents of arbitrary files from the vulnerable system in the context of the affected application.

Mitigation:

To mitigate this vulnerability, ensure that user-supplied input is properly validated and sanitized before being used in file operations. Implementing input validation and using secure coding practices can help prevent directory-traversal attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/22670/info

Pheap is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to retrieve and edit the contents of arbitrary files from the vulnerable system in the context of the affected application. 

http://www.example.com/edit.php?em=file&filename=../../../../../../../../../../../../../etc/passwd