ImageFolio 2.2x/3.0/3.1 - 'Admin.cgi' Directory Traversal

EDB-ID:

22743

CVE:





Platform:

CGI

Date:

2003-06-05


source: https://www.securityfocus.com/bid/7828/info

ImageFolio 'admin.cgi' has been reported prone to a directory traversal vulnerability.

By supplying directory traversal sequences, as a URI parameter, to the 'admin.cgi' script an attacker may break out of the web root directory.

Successful exploitation may expose sensitive information to remote attackers. This information could be used to aid in further attacks against the affected system. 

http://www.samplesite.com/cgi-bin/imagefolio/admin/admin.cgi?cgi=remove.
pl&uid=111.111.111.111&rmstep=2&category=../../../../../../../../../../.
./etc/