vendor:
Weatimages
by:
e.wiZz!
8.8
CVSS
HIGH
Directory Traversal & Local File Include
22
CWE
Product Name: Weatimages
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: No
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Linux, Windows
2011
Weatimages Directory Traversal&Local File Include Vulnerabilities
Weatimages is vulnerable to directory traversal and local file include attacks. An attacker can use the 'path' parameter in the index.php file to traverse directories and include local files. This vulnerability can be exploited on both Linux and Windows servers.
Mitigation:
Ensure that user input is properly sanitized and validated.