Vulnerability   
Search   
    Search 172616 CVE descriptions
and 81291 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:10574
Category:Web application abuses
Title:PHPix directory traversal vulnerability
Summary:PHPix program allows an attacker to read arbitrary files on the remote web server, prefixing the pathname of the file with ..%2F..%2F..
Description:Summary:
PHPix program allows an attacker to read arbitrary files on the remote web server, prefixing the pathname of the file with ..%2F..%2F..

Vulnerability Insight:
Example:

GET /Album/?mode=album&album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc&dispsize=640&start=0

will return all the files that are nested within /etc directory.

Solution:
Contact your vendor for the latest software release.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Cross-Ref: BugTraq ID: 1773
Common Vulnerability Exposure (CVE) ID: CVE-2000-0919
http://www.securityfocus.com/bid/1773
Bugtraq: 20001007 PHPix advisory (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2000-10/0117.html
http://www.osvdb.org/472
XForce ISS Database: phpix-dir-traversal(5331)
https://exchange.xforce.ibmcloud.com/vulnerabilities/5331
CopyrightThis script is Copyright (C) 2000 Zorgon

This is only one of 81291 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2020 E-Soft Inc. All rights reserved.