Vulnerabilities > CVE-1999-0800 - Unspecified vulnerability in Allaire Forums

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
allaire
exploit available
NVD
Published: 2001-03-12
Updated: 2017-10-10

Summary

The GetFile.cfm file in Allaire Forums allows remote attackers to read files through a parameter to GetFile.cfm.

Vulnerable Configurations

Part Description Count
Application
Allaire
1

Exploit-Db

descriptionAllaire Forums 2.0.4 Getfile Vulnerability. CVE-1999-0800. Remote exploits for multiple platform
idEDB-ID:19193
last seen2016-02-02
modified1999-02-11
published1999-02-11
reporterCameron Childress
sourcehttps://www.exploit-db.com/download/19193/
titleAllaire Forums 2.0.4 Getfile Vulnerability

Seebug

bulletinFamilyexploit
descriptionBugCVE: CVE-1999-0800 BUGTRAQ: 229 Allaire Forums 是Allaire出品的一个论坛,运行在Coldfusion环境下。Allaire Forums 2.0.4版及其以前版本的一个文件存在安全问题。可以被远程入侵者用来获取服务器上的任意文件。 文件“GetFile.cfm”通常在Web应用程序的根目录下,由于这一行代码的问题: &lt;CFCONTENT TYPE= #FT#/#FST# FILE= #FilePath# &gt; 可以在指定绝对路径的情况下获取服务器上的任意文件,只要发出如下请求: http://target/GetFile.cfm?FT=Text&amp;FST=Plain&amp;FilePath=C:\boot.ini 2.0.4 厂商补丁: Allaire ------- Allaire已经为此发布了一个安全公告(ASB99-05)并在2.0.5版中解决了此问题: ASB99-05:Allaire Forums Security Issues 补丁下载: <a href=http://www.allaire.com/security target=_blank>http://www.allaire.com/security</a>
idSSV:4299
last seen2017-11-19
modified2008-10-25
published2008-10-25
reporterRoot
sourcehttps://www.seebug.org/vuldb/ssvid-4299
titleAllaire Forums GetFile.cfm远程读取任意文件漏洞

References