ZH2004-02SA (security advisory): PJ CGI Neo review (NeoBoard review) Remote arbitrary file
retrieving
Published: 29 january 2004
Released: 29 january 2004
Name: PJ CGI Neo review (NeoBoard review)
Affected Systems: Current version
Issue: Remote file retrieving
Author: Zone-h Security Labs
Vendor: http://www.livepj.com
Description
Zone-h Security Team has discovered a flaw in PJ CGI Neo review (NeoBoard review). There is
a vulnerability in the current version of NeoBoard that allows an attacker to retrieve
arbitrary files from the webserver with its priviledges.
Details
It's possibile for a remote attacker to retrieve any file from a webserver.
For example try this:
Solution:
The vendor has not been contacted because his site is unreachable.