| Field | Value |
|---|---|
| VID | 21593 |
| Severity | 30 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description | The w-Agora software is vulnerable to multiple remote file disclosure vulnerabilities. w-Agora is a freely available Web forum and publishing software written in PHP. w-Agora versions 4.1.5 and 4.1.6 could allow a remote attacker to traverse directories on the system. A remote attacker could send a specially crafted URL request including dot-dot-slash (../) character sequences to the index.php or modules.php script and read arbitrary files outside of the document root. |
| References | http://www.osvdb.org/displayvuln.php?osvdb_id=3012, http://marc.theaimsgroup.com/?l=bugtraq&m=104247517109094&w=2, http://securityfocus.com/archive/1/306438, http://securityfocus.com/archive/1/306915 |
| Platforms Affected | Marc Druilhe, w-Agora version 4.1.5, 4.1.6; Any operating system, Any version |
| Recommendation | Upgrade to the latest version of w-Agora (4.2.0 or later), available from the w-Agora Download Web site at http://sourceforge.net/projects/w-agora/ |
| Related URL | (CVE) |
| Related URL | 6595 (SecurityFocus) |
| Related URL | 11048 (ISS) |
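
For hosts that cannot be upgraded immediately, the request pattern described above can be looked for in web server access logs. The following is an added example, not part of the original record or of w-Agora: it assumes Common Log Format, and the sample lines and the parameter name `x` are constructed placeholders.

```python
import re
from urllib.parse import unquote, urlsplit

TARGET_SCRIPTS = ("index.php", "modules.php")  # scripts named in the advisory
# Request target inside a Common Log Format line (log format is an assumption).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A ".." path segment after decoding, with either slash style.
TRAVERSAL_RE = re.compile(r"(?:^|[/\\=&])\.\.(?:[/\\]|$)")

# Constructed sample lines; "x" is a placeholder parameter name, not w-Agora's.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2003:10:00:00 +0000] "GET /forum/index.php?topic=12&page=2 HTTP/1.0" 200 5120',
    '192.0.2.44 - - [01/Jan/2003:10:00:05 +0000] "GET /forum/index.php?x=../../../placeholder.txt HTTP/1.0" 200 734',
    '192.0.2.44 - - [01/Jan/2003:10:00:09 +0000] "GET /forum/modules.php?x=%252e%252e%252fplaceholder.txt HTTP/1.0" 200 734',
    '192.0.2.51 - - [01/Jan/2003:10:01:00 +0000] "GET /forum/modules.php?ver=1..2 HTTP/1.0" 200 88',
    '192.0.2.51 - - [01/Jan/2003:10:01:02 +0000] "GET /other.php?x=../../placeholder.txt HTTP/1.0" 404 0',
]


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded sequences are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_traversal_request(log_line):
    """True when a target script is requested with a ".." segment in its query."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return False
    try:
        parts = urlsplit(match.group(1))
    except ValueError:  # malformed request target
        return False
    if not fully_decode(parts.path).lower().endswith(TARGET_SCRIPTS):
        return False
    return bool(TRAVERSAL_RE.search(fully_decode(parts.query)))


def flag_lines(lines):
    """Return 1-based numbers of the lines that match."""
    return [n for n, line in enumerate(lines, 1) if is_traversal_request(line)]


if __name__ == "__main__":
    print(flag_lines(SAMPLE_LOG))
```

A hit with a 200 status and an unusual response size is worth reviewing first, since it suggests a file was actually returned.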