SurgeLDAP 1.0 User.CGI Directory Traversal Vulnerability

ID EDB-ID:23987
Type exploitdb
Reporter dr_insane
Modified 2004-04-12T00:00:00


SurgeLDAP 1.0 User.CGI Directory Traversal Vulnerability. CVE-2004-2253. Remote exploit for cgi platform


SurgeLDAP is prone to a directory traversal vulnerability in one of the scripts included with the built-in web administrative server, potentially resulting in disclosure of files. 

A remote attacker could exploit this issue to gain access to system files outside of the web root directory of the built-in web server. Files that are readable by the web server could be disclosed via this issue.