Summary
This host is installed with TYPO3 and is prone to a local file-disclosure vulnerability.
Impact
Successful exploitation will allow attackers to obtain potentially sensitive information from local files on computers running the vulnerable application.
This may aid in further attacks.
Impact Level: Application
Solution
Currently we are not aware of any vendor-supplied patches. For updates, see http://typo3.org/
Insight
An error exists in the download.php script, which fails to adequately validate user-supplied input.
Affected
TYPO3, version unspecified
Detection
Send a crafted GET request and check the response.
References
Updated on 2015-03-25
Severity
Classification
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- 1024 CMS 1.1.0 Beta 'force_download.php' Local File Include Vulnerability
- Apache Rave User Information Disclosure Vulnerability
- Aardvark Topsites <= 4.2.2 Remote File Inclusion Vulnerability
- Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
- Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities