Ilia Alshanetsky FUDForum 1.2.8/1.9.8/2.0.2 - File Modification

EDB-ID:

21724




Platform:

PHP

Date:

2002-08-19


source: https://www.securityfocus.com/bid/5502/info

Reportedly, it is possible for an administrator to manipulate (create, modify etc.) files outside of the FUDForum directories. This vulnerability is present in the 'adm/admbrowse.php' script. The vulnerability is the result of FUDForum allowing access to files and directories outside of FUDForum directories.

http://victim.com/admbrowse.php?down=1&cur=%2Fetc%2F&dest=passwd&rid=1&S=[someid]