vendor:
WebcamXP and Webcam7
by:
Silent Dream
7,5
CVSS
HIGH
Directory Traversal
22
CWE
Product Name: WebcamXP and Webcam7
Affected Version From: WebcamXP 5.5.1.2
Affected Version To: Webcam 7 v0.9.9.32
Patch Exists: YES
Related CWE: 2008-5862
CPE: a:moonware_studios:webcamxp
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP
2012
WebcamXP and Webcam7 Directory Traversal Vulnerability
A directory traversal vulnerability exists in WebcamXP and Webcam7 which allows an attacker to access sensitive files outside of the web root directory. This vulnerability is similar to CVE-2008-5862 but uses backslashes instead of encoded forward slashes.
Mitigation:
Ensure that user input is properly sanitized and that access to sensitive files is restricted.
