vendor:
Roundup
by:
5
CVSS
MEDIUM
Remote File Disclosure
22
CWE
Product Name: Roundup
Affected Version From: 2000.6.11
Affected Version To: 2000.6.11
Patch Exists: YES
Related CWE:
CPE: a:roundup:roundup:0.6.11
Platforms Tested:
Roundup Remote File Disclosure Vulnerability
The vulnerability allows a remote user to disclose files on a vulnerable computer by using the /home/@@file/ prefix and '../' directory traversal sequences.
Mitigation:
Upgrade to Roundup version 0.6.12 or later.