vendor:
Project Alumni
by:
tomplixsee
N/A
CVSS
MEDIUM
Remote File Disclosure
22
CWE
Product Name: Project Alumni
Affected Version From: 1.0.9
Affected Version To: 1.0.9
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
Project Alumni 1.0.9 Remote File Disclosure Vulnerability
The vulnerability allows an attacker to disclose files on the server by manipulating the 'act' parameter in the URL. By using directory traversal techniques, the attacker can access sensitive files, such as the /etc/passwd file. The exploit URL is: http://victim/path/index.php?act=../../../../../../etc/passwd%00
Mitigation:
The vulnerability can be mitigated by implementing proper input validation and sanitization. It is recommended to update to a newer version of the software that includes a patch for this vulnerability.