Summary
This host is installed with Academia management solutions international (AMSI) and is prone to a directory traversal vulnerability.
Impact
Successful exploitation will allow remote attackers to read arbitrary files on the target system.
Impact Level: System/Application
Solution
No solution or patch is available as of 20th February, 2015. Information regarding this issue will be updated once the solution details are available. For updates refer to http://amsi.ae
Insight
The error exists due to the download.php script, which does not properly sanitize user input supplied via the 'file' parameter.
Affected
AMSI v3.20.47 build 37 and probably other versions.
Detection
Send a crafted HTTP GET request and check whether it is able to read a local file.
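A passive complement to the active check above, for defenders reviewing web server access logs: flag requests to download.php whose 'file' parameter, after percent-decoding, points outside the download directory. This is an added example, not part of the original advisory or the scanner's own check; the log format, URL paths, addresses and function names are assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (common log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [20/Feb/2015:10:01:02 +0000] "GET /download.php?file=report_2015.pdf HTTP/1.1" 200 5120
203.0.113.9 - - [20/Feb/2015:10:01:07 +0000] "GET /download.php?file=../../../../etc/passwd HTTP/1.1" 200 1432
203.0.113.9 - - [20/Feb/2015:10:01:09 +0000] "GET /download.php?file=%252e%252e%252fconfig.php HTTP/1.1" 404 210
203.0.113.7 - - [20/Feb/2015:10:02:00 +0000] "GET /index.php?file=../x HTTP/1.1" 200 900
198.51.100.4 - - [20/Feb/2015:10:03:11 +0000] "GET /app/download.php?id=4&file=/etc/hosts HTTP/1.1" 200 300
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+" (\d{3})')

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded sequences are normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True if a 'file' value would resolve outside the intended directory."""
    v = fully_decode(value).replace("\\", "/")
    return (".." in v.split("/") or v.startswith("/")
            or re.match(r"^[A-Za-z]:", v) is not None or "\x00" in v)

def find_suspicious(log_text):
    """Return (client, status, decoded_value) for each flagged download.php request."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/download.php"):
            continue
        # parse_qs decodes once; fully_decode handles further encoding layers.
        for value in parse_qs(url.query, keep_blank_values=True).get("file", []):
            if is_traversal(value):
                hits.append((client, int(status), fully_decode(value)))
    return hits
```

Flagged requests that returned HTTP 200 deserve review first, since the response may have contained file contents.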
References
Updated on 2015-03-25
Severity
Classification
-
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N