CGI abuses : BBS E-Market File Disclosure

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.14786

Category: CGI abuses

Title: BBS E-Market File Disclosure

Summary: NOSUMMARY

Description: Description:

The remote host is running BBS E-Market Professional, a Korean Web-Based
e-commerce application written in PHP.

There is a flaw in the remote version of this software which may allow
an attacker to read arbitrary files on the remote host with the
privileges of the HTTP daemon by making the following request :

http://www.example.com/bemarket/shop/index.php?pargeurl=viewpage&filename=../../etc/passwd

Solution : Upgrade to version 1.4.0 of this software
Risk factor : High

Cross-Ref: BugTraq ID: 11191

Copyright This script is Copyright (C) 2004 Tenable Network Security

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.14786
Category:	CGI abuses
Title:	BBS E-Market File Disclosure
Summary:	NOSUMMARY
Description:	Description: The remote host is running BBS E-Market Professional, a Korean Web-Based e-commerce application written in PHP. There is a flaw in the remote version of this software which may allow an attacker to read arbitrary files on the remote host with the privileges of the HTTP daemon by making the following request : http://www.example.com/bemarket/shop/index.php?pargeurl=viewpage&filename=../../etc/passwd Solution : Upgrade to version 1.4.0 of this software Risk factor : High
Cross-Ref:	BugTraq ID: 11191
Copyright	This script is Copyright (C) 2004 Tenable Network Security