CVE-2004-2047 - Directory traversal vulnerability in EasyWeb FileManager 1.0 RC-1 for PostNuke allows remote attacke

CVE-2004-2047

Summary

Directory traversal vulnerability in EasyWeb FileManager 1.0 RC-1 for PostNuke allows remote attackers to retrieve arbitrary files via a .. (dot dot) in the pathext parameter.

References

http://marc.info/?l=bugtraq&m=109068482605241&w=2
http://secunia.com/advisories/12151
http://www.cirt.net/advisories/ew_file_manager.shtml
http://www.osvdb.org/8193
http://www.securityfocus.com/bid/10792
https://exchange.xforce.ibmcloud.com/vulnerabilities/16806

Vulnerable Configurations

cpe:2.3:a:easyweb:easyweb_filemanager:1.0_rc1:*:*:*:*:*:*:*
cpe:2.3:a:easyweb:easyweb_filemanager:1.0_rc1:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 11-07-2017 - 01:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bid	10792
bugtraq	20040724 EasyWeb FileManager Directory Traversal
misc	http://www.cirt.net/advisories/ew_file_manager.shtml
osvdb	8193
secunia	12151
xf	filemanager-pathext-view-directory-traversal(16806)

Last major update

11-07-2017 - 01:31

Published

23-07-2004 - 04:00

Last modified

11-07-2017 - 01:31