Vendor: SurgeLDAP
By: Unknown
CVSS: 5 (MEDIUM)
CWE: 22 (Directory Traversal)
Product Name: SurgeLDAP
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Unknown
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Unknown

SurgeLDAP Directory Traversal Vulnerability

SurgeLDAP is prone to a directory traversal vulnerability in one of the scripts included with the built-in web administrative server, potentially resulting in disclosure of files. A remote attacker could exploit this issue to gain access to system files outside of the web root directory of the built-in web server. Files that are readable by the web server could be disclosed via this issue.

Mitigation:

No official mitigation or remediation is available at the moment. It is recommended to restrict access to the affected script or upgrade to a patched version when available.

Source:

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10103/info

http://www.example.com:6680/user.cgi?cmd=show&page=/../../../boot.ini
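
Since no patch is listed, one way to monitor for this request pattern is to scan web logs for `user.cgi` requests whose `page` parameter resolves to a `..` path segment. The following is an added example, not code from the advisory or from SurgeLDAP: it assumes requests are recorded in a common-log-format style (for instance by a reverse proxy placed in front of the administrative server), and the sample log lines and function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed access-log lines (assumed common log format), for illustration only.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /user.cgi?cmd=show&page=/../../../boot.ini HTTP/1.0" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /user.cgi?cmd=show&page=%2f%2e%2e%2f%2e%2e%2fboot.ini HTTP/1.0" 200 512',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /user.cgi?cmd=show&page=%252e%252e%255cboot.ini HTTP/1.0" 404 0',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /user.cgi?cmd=show&page=help.htm HTTP/1.0" 200 2048',
    '192.0.2.14 - - [01/Jan/2024:10:00:15 +0000] "GET /user.cgi?cmd=show&page=release..notes.htm HTTP/1.0" 200 900',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so multiply-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(page_value):
    """True if any path segment of the decoded value is exactly '..'."""
    normalised = fully_decode(page_value).replace("\\", "/")
    return ".." in normalised.split("/")

def flag_traversal_requests(log_lines):
    """Return log lines whose user.cgi 'page' parameter contains a '..' segment."""
    flagged = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith("/user.cgi"):
            continue
        # parse_qs decodes once; fully_decode handles any further encoding layers.
        pages = parse_qs(url.query, keep_blank_values=True).get("page", [])
        if any(has_traversal(p) for p in pages):
            flagged.append(line)
    return flagged

if __name__ == "__main__":
    for hit in flag_traversal_requests(SAMPLE_LOG):
        print(hit)
```

Matching on whole `..` segments after normalisation keeps legitimate names such as `release..notes.htm` from being flagged.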