Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

man-cgi Local File Inclusion

🗓️ 08 Aug 2018 00:00:00Reported by eL_Bart0Type 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 39 Views

man-cgi Local File Inclusion vulnerability allows reading local files via HTTP(s) requests due to absolute path traversal in man-cgi before 1.1

Related
Code
ReporterTitlePublishedViews
Family
0day.today		man-cgi Local File Inclusion Vulnerability
9 Aug 201800:00
zdt
Circl		CVE-2018-14429
9 Aug 201800:48
circl
CVE		CVE-2018-14429
14 Aug 201816:00
cve
Cvelist		CVE-2018-14429
14 Aug 201816:00
cvelist
EUVD		EUVD-2018-6346
7 Oct 202500:30
euvd
NVD		CVE-2018-14429
14 Aug 201818:29
nvd
Prion		Path traversal
14 Aug 201818:29
prion
`man-cgi before 1.16 allows Local File Inclusion via absolute path traversal. If an Attacker provides a Filename as a Parameter (e.g. https://example.org/cgi-bin/man-cgi?/etc/passwd) the Script will read and return the local file. This is happening because of the way the Script calls the "man" command. Tests have shown that "man /some/random/file" (depending on it's configuration) will first try to locate a manual page for the given Parameter and will fallback to reading the file provided by the Parameter if it wasn't able to find the requested manual page.  
  
The Author of the Script was contacted and was kind enough to provide a bugfix Version. You can find the bugfix Version here: http://users.softlab.ntua.gr/~christia/man-cgi.html  
  
[Vendor of Product]  
Panagiotis Christias (http://users.softlab.ntua.gr/~christia/)  
  
[Affected Product Code Base]  
man-cgi < 1.16  
  
[Attack Type]  
Remote  
  
[Impact Information Disclosure]  
True  
  
[Attack Vectors]  
HTTP(s) Request  
  
[Has vendor confirmed or acknowledged the vulnerability?]  
True  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
08 Aug 2018 00:00Current
7.7High risk
Vulners AI Score7.7
EPSS0.03748
local file inclusionhttp(s) requestremoteinformation disclosurevendor acknowledged
39