Summary
This host is installed with 7Media Web Solutions eduTrac and is prone to a directory traversal vulnerability.
Impact
Successful exploitation may allow an attacker to obtain sensitive information, which can lead to launching further attacks.
Impact Level: Application.
Solution
Upgrade to 7Media Web Solutions eduTrac version 1.1.2 or later.
For updates, refer to http://www.7mediaws.org/products/edutrac/
Insight
The flaw exists due to insufficient filtering of the 'showmask' HTTP GET parameter passed to the 'overview.php' script.
Affected
7Media Web Solutions eduTrac before version 1.1.2
Detection
Send a crafted exploit string via an HTTP GET request and check whether it is able to read a system file.
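A passive complement to the active check above, as an added example that is not part of the original advisory or of eduTrac: it reviews web server access logs for requests to 'overview.php' whose 'showmask' value decodes to a path traversal. The combined log format, the '/edutrac/' path prefix and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|HEAD) (?P<target>\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True if the decoded value holds a parent-directory segment,
    an absolute path or a NUL byte."""
    norm = fully_decode(value).replace("\\", "/")
    if "\x00" in norm or norm.startswith("/"):
        return True
    return ".." in norm.split("/")

def suspicious_requests(log_lines):
    """Return (client_ip, showmask_value) for flagged overview.php requests."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.endswith("/overview.php"):
            continue
        # parse_qs performs the first round of percent-decoding.
        for value in parse_qs(url.query, keep_blank_values=True).get("showmask", []):
            if is_traversal(value):
                hits.append((line.split(" ", 1)[0], value))
    return hits

# Constructed sample lines (documentation IP ranges, hypothetical path prefix).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Dec/2013:10:00:01 +0000] "GET /edutrac/overview.php?showmask=home HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/Dec/2013:10:00:05 +0000] "GET /edutrac/overview.php?showmask=..%2f..%2f..%2fsecret.txt HTTP/1.1" 200 1432',
    '198.51.100.7 - - [10/Dec/2013:10:00:09 +0000] "GET /edutrac/overview.php?showmask=%252e%252e%252fconfig HTTP/1.1" 200 310',
    '203.0.113.4 - - [10/Dec/2013:10:01:00 +0000] "GET /edutrac/index.php?showmask=../x HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(ip, repr(value))
```

A hit with a 200 response on a version before 1.1.2 warrants checking what the response body disclosed.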
Severity
Classification
- CVE: CVE-2013-7097
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N