Summary
The host is running Chyrp and is prone to multiple directory traversal vulnerabilities.
Impact
Successful exploitation will allow attackers to read arbitrary files and gain sensitive information on the affected application.
Impact Level: Application
Solution
Upgrade to Chyrp version 2.1.1.
For updates, refer to http://chyrp.net/
Insight
The flaws are due to improper validation of user-supplied input to the 'file' parameter in 'includes/lib/gz.php' and the 'action' parameter in 'index.php' before it is used to include files.
Affected
Chyrp versions prior to 2.1.1
Severity
Classification
CVE: CVE-2011-2744, CVE-2011-2780
CVSS Base Score: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P