Summary
Sahana is prone to a local file-disclosure vulnerability because it fails to adequately validate user-supplied input.
An attacker can exploit this vulnerability to obtain potentially sensitive information from local files on computers running the vulnerable application. This may aid in further attacks.
Sahana 0.6.2.2 is vulnerable
other versions may also be affected.
Solution
Updates are available. Please see the references for details.
References
Severity
Classification
-
CVE CVE-2009-3625 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- AudiStat multiple vulnerabilities
- 3Com OfficeConnect VPN Firewall Default Password Security Bypass Vulnerability
- AlienVault Open Source SIEM (OSSIM) 'timestamp' Parameter Directory Traversal Vulnerability
- Assesi 'bg' Parameter SQL Injection vulnerability
- Apache Tomcat Windows Installer Privilege Escalation Vulnerability