{"lastseen": "2020-04-01T19:04:55", "references": [], "description": "\nWebJeff FileManager 1.6 - File Disclosure", "edition": 1, "reporter": "Adam Stephens", "exploitpack": {"type": "webapps", "platform": "php"}, "published": "2003-06-20T00:00:00", "title": "WebJeff FileManager 1.6 - File Disclosure", "type": "exploitpack", "enchantments": {"dependencies": {}, "score": {"value": -0.2, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "vulnersScore": -0.2}, "bulletinFamily": "exploit", "cvelist": [], "modified": "2003-06-20T00:00:00", "id": "EXPLOITPACK:0766E449A51F48455E6897F55232CFB2", "href": "", "viewCount": 3, "sourceData": "source: https://www.securityfocus.com/bid/7995/info\n\nA vulnerability has been reported for Filemanager that may result in the disclosure of arbitrary files. The vulnerability exists due to insufficient sanitization of user-supplied values for URI parameters.\n\nA malicious attacker can specify arbitrary absolute paths as the value of the URI parameter. This will result in the requested file being disclosed to the attacker.\n\nhttp://www.example.com/filemanager/index.php3?action=telecharger&fichier=/etc/passwd", "cvss": {"score": 0.0, "vector": "NONE"}, "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645514556}}
WebJeff FileManager 1.6 - File Disclosure