Vulnerabilities > CVE-2004-2047 - Directory Traversal vulnerability in Easyweb Filemanager 1.0Rc1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Directory traversal vulnerability in EasyWeb FileManager 1.0 RC-1 for PostNuke allows remote attackers to retrieve arbitrary files via a .. (dot dot) in the pathext parameter.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | EasyWeb 1.0 FileManager Module Directory Traversal Vulnerability. CVE-2004-2047. Webapps exploit for php platform |
id | EDB-ID:24306 |
last seen | 2016-02-02 |
modified | 2004-07-23 |
published | 2004-07-23 |
reporter | [email protected] |
source | https://www.exploit-db.com/download/24306/ |
title | EasyWeb 1.0 FileManager Module Directory Traversal Vulnerability |
Nessus
NASL family | CGI abuses |
NASL id | EASYWEB_FILEMANAGER.NASL |
description | The remote host is running a version of the EasyWeb FileManager module that is vulnerable to a directory traversal attack. An attacker may use this flaw to read arbitrary files on the remote server by sending malformed requests like : /index.php?module=ew_filemanager&type=admin&func=manager&pathext=../../file Note that this might be a false positive, since an attacker would need credentials to exploit this flaw. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 13845 |
published | 2004-07-26 |
reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/13845 |
title | EasyWeb FileManager pathtext Traversal Arbitrary File/Directory Access |
code |
|