PHP Rocket Add-in File Traversal Network Vulnerability

Summary

There is a vulnerability in the PHP Rocket Add-in for FrontPage that allows a remote attacker to view the contents of any arbitrary file to which the web user has access. This vulnerability exists because the PHP Rocket Add-in does not filter out ../ and is therefore susceptible to this directory traversal attack. More Information: http://www.securityfocus.com/bid/3751

Severity

Classification

CVE CVE-2001-1204

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

AlienForm CGI script
1024 CMS 1.1.0 Beta 'force_download.php' Local File Include Vulnerability
Apache Tomcat source.jsp malformed request information disclosure
Apache mod_proxy_ajp Information Disclosure Vulnerability
Adiscon LogAnalyzer 'highlight' Parameter Cross Site Scripting Vulnerability

Take action and discover your vulnerabilities