Summary
The PHPix program allows an attacker to read arbitrary files on the remote web server by prefixing the pathname of the file with ..%2F..%2F.. (the URL-encoded form of ../../..).
Example:
GET /Album/?mode=album&album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc&dispsize=640&start=0
will return a listing of all the files nested within the /etc directory.
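The request above works because the album parameter is joined onto the album directory without being decoded and checked for parent-directory steps. The following is an added example (not PHPix code and not part of the original advisory) showing, in Python, the two defensive pieces a practitioner would want: a resolver that percent-decodes the parameter, normalizes the resulting path and refuses anything that leaves the album root, and a small detector that flags such requests in web-server access logs. The album root /var/www/albums, the log lines and the client addresses are constructed for the example.

```python
import os
import re
from typing import List, Optional
from urllib.parse import unquote

# Hypothetical album root for this example; a real deployment would use the
# directory the application actually serves albums from.
ALBUM_ROOT = "/var/www/albums"


def fully_decode(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until the string stops changing (bounded), so that both
    ..%2F and double-encoded ..%252F end up as ../ before any path logic runs."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def resolve_album_path(root: str, album_param: str) -> Optional[str]:
    """Map the user-supplied album parameter onto a path under root.

    Returns the absolute path when it stays inside root, or None when the
    request would escape it (via ../ sequences or an absolute path)."""
    decoded = fully_decode(album_param)
    # NUL bytes truncate paths in C-based runtimes; never let them through.
    if "\x00" in decoded:
        return None
    root_abs = os.path.abspath(root)
    # os.path.join discards root if decoded is absolute, and normpath collapses
    # any ".." components; both cases are caught by the containment check.
    candidate = os.path.normpath(os.path.join(root_abs, decoded))
    if candidate != root_abs and not candidate.startswith(root_abs + os.sep):
        return None
    return candidate


# Constructed access-log lines in Apache combined format; the client addresses
# are from the 203.0.113.0/24 documentation range and the timestamps are made up.
LOG_LINES = [
    '203.0.113.5 - - [01/Oct/2000:12:00:00 +0000] "GET /Album/?mode=album&album=holiday%2F2000&dispsize=640&start=0 HTTP/1.0" 200 1532',
    '203.0.113.7 - - [01/Oct/2000:12:00:03 +0000] "GET /Album/?mode=album&album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc&dispsize=640&start=0 HTTP/1.0" 200 4096',
    '203.0.113.9 - - [01/Oct/2000:12:00:05 +0000] "GET /Album/?mode=album&album=..%252F..%252F..%252Fetc&dispsize=640&start=0 HTTP/1.0" 200 80',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')


def flag_traversal_requests(lines: List[str]) -> List[str]:
    """Return the request targets whose decoded form contains a parent-directory
    step; this is the detection-side counterpart of resolve_album_path."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        target = m.group(1)
        decoded = fully_decode(target)
        if "../" in decoded or "..\\" in decoded:
            hits.append(target)
    return hits


if __name__ == "__main__":
    for param in ("holiday%2F2000", "..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc", "%2Fetc"):
        print(f"{param!r} -> {resolve_album_path(ALBUM_ROOT, param)}")
    for target in flag_traversal_requests(LOG_LINES):
        print("traversal attempt:", target)
```

The containment check compares the normalized candidate against the root with a trailing separator, so a sibling directory whose name merely starts with the root name (for example /var/www/albums2) is also rejected. Decoding is bounded and repeated because a single unquote pass would leave the double-encoded ..%252F form intact.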
Solution
Contact your vendor for the latest software release.
Severity
Classification
CVE: CVE-2000-0919
CVSS Base Score: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N