Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6114
SurgeLDAP Directory Traversal Vulnerability - exploit.company
header-logo
Suggest Exploit
vendor:
SurgeLDAP
by:
Unknown
5
CVSS
MEDIUM
Directory Traversal
22
CWE
Product Name: SurgeLDAP
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Unknown
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

SurgeLDAP Directory Traversal Vulnerability

SurgeLDAP is prone to a directory traversal vulnerability in one of the scripts included with the built-in web administrative server, potentially resulting in disclosure of files. A remote attacker could exploit this issue to gain access to system files outside of the web root directory of the built-in web server. Files that are readable by the web server could be disclosed via this issue.

Mitigation:

No official mitigation or remediation is available at the moment. It is recommended to restrict access to the affected script or upgrade to a patched version when available.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10103/info

SurgeLDAP is prone to a directory traversal vulnerability in one of the scripts included with the built-in web administrative server, potentially resulting in disclosure of files. 

A remote attacker could exploit this issue to gain access to system files outside of the web root directory of the built-in web server. Files that are readable by the web server could be disclosed via this issue.

http://www.example.com:6680/user.cgi?cmd=show&page=/../../../boot.ini

Navigation

Suggest Exploit

Services By CQR