Douran Portal 'download.aspx' Arbitrary File Download Vulnerability Network Vulnerability

Summary

Douran Portal is prone to a vulnerability that lets attackers download arbitrary files. This issue occurs because the application fails to sufficiently sanitize user-supplied input. Exploiting this issue will allow an attacker to view arbitrary files within the context of the application. Information harvested may aid in launching further attacks. Douran Portal 3.9.7.8 is affected other versions may also be vulnerable.

References

http://www.douran.com/HomePage.aspx?TabID=3901&Site=DouranPortal&Lang=en-US
https://www.securityfocus.com/bid/46927

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-1569

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

11in1 Cross Site Request Forgery and Local File Include Vulnerabilities
Apache Struts Cross Site Scripting Vulnerability
/doc directory browsable ?
12Planet Chat Server one2planet.infolet.InfoServlet XSS
Apache Web Server ETag Header Information Disclosure Weakness

Take action and discover your vulnerabilities