Sahana 'mod' Parameter Local File Disclosure Vulnerability Network Vulnerability

Summary

Sahana is prone to a local file-disclosure vulnerability because it fails to adequately validate user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information from local files on computers running the vulnerable application. This may aid in further attacks. Sahana 0.6.2.2 is vulnerable other versions may also be affected.

Solution

Updates are available. Please see the references for details.

References

http://sourceforge.net/mailarchive/forum.php?thread_name=5d9043b70910191044l4bb0178fs563a5128a0f5db01%40mail.gmail.com&forum_name=sahana-maindev
http://www.sahana.lk/
http://www.securityfocus.com/bid/36826
https://bugzilla.redhat.com/show_bug.cgi?id=530255

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-3625

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

ATutor < 1.5.1-pl1 Multiple Flaws
AjaXplorer zoho plugin Directory Traversal Vulnerability
Arkeia Appliance Path Traversal Vulnerability
Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
Assesi 'bg' Parameter SQL Injection vulnerability

Take action and discover your vulnerabilities