| VID |
22116 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The PHP Rocket Add-in has a directory traversal vulnerability.
PHP Rocket Add-in for FrontPage is a tool which enables PHP development from FrontPage, displaying the results in the FrontPage Preview window. This tool runs on Microsoft systems. There is a vulnerability in the PHP Rocket Add-in for FrontPage that allows a remote attacker to view the contents of any arbitrary directories or files to which the web user has access. This vulnerability exists because the PHP Rocket Add-in does not filter out ../ and is therefore susceptible to this directory traversal attack. |
| Recommendation |
No remedy available as of June 2014. |
| Related URL |
CVE-2001-1204 (CVE) |
| Related URL |
3751 (SecurityFocus) |
| Related URL |
7749 (ISS) |
|
