vendor:
YNP Portal System
by:
GolD_M = [Mahmood_ali]
7.5
CVSS
HIGH
Remote File Disclosure
200
CWE
Product Name: YNP Portal System
Affected Version From: 2.2.2000
Affected Version To: 2.2.2000
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
YNP Portal System 2.2.0 Remote File Disclosure Vulnerability
The YNP Portal System version 2.2.0 is vulnerable to remote file disclosure. This allows an attacker to access sensitive files on the server by exploiting the 'showpage.cgi' script. By manipulating the 'p' parameter in the URL, an attacker can disclose files outside the web root directory, such as the '/etc/passwd' file.
Mitigation:
Upgrade to a patched version of the YNP Portal System.