Summary
This host is running 7Media Web Solutions eduTrac and is prone to a directory traversal vulnerability.
Impact
Successful exploitation may allow an attacker to obtain sensitive information, which can lead to launching further attacks.
Impact Level: Application.
Solution
Upgrade to 7Media Web Solutions eduTrac version 1.1.2 or later.
For updates, refer to http://www.7mediaws.org/products/edutrac/
Insight
A flaw exists due to insufficient filtering of the 'showmask' HTTP GET parameter passed to the 'overview.php' script.
Affected
7Media Web Solutions eduTrac before version 1.1.2
Detection
Send a crafted exploit string via an HTTP GET request and check whether it is able to read a system file.
References
Severity
Classification
- CVE: CVE-2013-7097
- CVSS Base Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)