Summary
This host is running Admidio and is prone to a directory traversal vulnerability.
Impact
Successful exploitation could allow an attacker to view local files in the context of the web server process.
Impact Level: Application
Solution
Upgrade to version 1.4.9 or later:
http://www.admidio.org/index.php?page=download
Insight
The flaw is due to the 'file' parameter in modules/download/get_file.php, which is not properly sanitized before being returned to the user.
Affected
Admidio version 1.4.8 and prior.
References
Updated on 2017-03-28
Severity
Classification
- CVE: CVE-2008-5209
- CVSS Base Score: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N