icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Web Wiz Forums < 9.08 Multiple Script Directory Traversals

Medium

Synopsis

The remote host is vulnerable to a directory traversal flaw.

Description

The remote host is running Web Wiz Forums, a free tool for generating web-based forums. The reported version is reported to be vulnerable to a number of flaws that, if executed, would give an attacker access to confidential data. Specifically, the 'sub' parameter of the 'RTE_file_browser.asp' script fails to sanitize user-supplied data of the form '../'. An attacker can use this flaw to access data outside of the web directories. This same flaw can also be exploited via the 'file_browser.asp' script.

Solution

Upgrade to version 9.08 or higher.