Vendor: Muster
By:
CVSS: 7.5 (HIGH)
CWE: 22 (Directory Traversal)
Product Name: Muster
Affected Version From: 6.1.2006
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE: a:virtual_vertex:muster:6.1.6
Metasploit:
Other Scripts:
Platforms Tested: Unknown

Virtual Vertex Muster Directory Traversal Vulnerability

The Virtual Vertex Muster web interface fails to properly sanitize user-supplied input, allowing an attacker to view arbitrary files within the context of the webserver. This can lead to information disclosure and potential further attacks.

Mitigation:

It is recommended to update to the latest version of Virtual Vertex Muster to mitigate this vulnerability. Additionally, input validation and sanitization should be implemented to prevent directory traversal attacks.
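
The input validation recommended above, sketched as an added example (not code from Virtual Vertex or from the advisory). It is written so that the backslash-separated form seen in this page's example request is rejected; the document root and all function names are assumptions.

```python
import os
from pathlib import Path
from urllib.parse import unquote

DOC_ROOT = Path("/srv/muster/www")  # assumed web root, not taken from the advisory


class TraversalError(ValueError):
    """Raised when a request path would escape the document root."""


def resolve_request_path(raw_path: str, root: Path = DOC_ROOT) -> Path:
    """Map a request path to a file under root, or raise TraversalError."""
    path = unquote(raw_path.split("?", 1)[0])  # drop the query, decode %xx once
    if "\x00" in path or "%" in path:
        # Strict policy: NUL bytes and escapes left after one decode
        # (double encoding) are rejected instead of decoded again.
        raise TraversalError(f"illegal character in {raw_path!r}")
    segments = []
    # Treat '\' as a separator on every platform: the example request in the
    # advisory uses backslashes, which a filter looking only for '/' misses.
    for seg in path.replace("\\", "/").split("/"):
        if seg in ("", "."):
            continue
        # Rejects '..' and dot/space-only variants such as '.. ' that Windows
        # path normalisation can collapse, plus ':' (drive letters, NTFS ADS).
        if not seg.strip(". ") or ":" in seg:
            raise TraversalError(f"illegal segment {seg!r} in {raw_path!r}")
        segments.append(seg)
    root = root.resolve()
    candidate = root.joinpath(*segments).resolve()
    # Defence in depth: after symlink resolution the target must be in root.
    if os.path.commonpath([root, candidate]) != str(root):
        raise TraversalError(f"{raw_path!r} resolves outside {root}")
    return candidate


def is_allowed(raw_path: str, root: Path = DOC_ROOT) -> bool:
    """Boolean wrapper for use in a request filter or log review."""
    try:
        resolve_request_path(raw_path, root)
    except TraversalError:
        return False
    return True
```

The same `is_allowed` check can be run over access-log request paths to flag requests of the kind shown in the advisory.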
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/50841/info

Virtual Vertex Muster is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input submitted to its web interface.

Exploiting this issue will allow an attacker to view arbitrary files within the context of the webserver. Information harvested may aid in launching further attacks.

Virtual Vertex Muster 6.1.6 is vulnerable; other versions may also be affected. 

The following example request is available:

GET /a\..\..\muster.db HTTP/1.1