Gafware CFXImage 1.6.4/1.6.6 ShowTemp File Disclosure Vulnerability

ID SSV:75319
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00


No description provided by source.


Gafware's CFXImage is a custom tag for ColdFusion.

A program included with the CFXImage documentation doesn't properly filter its input. It is reported that a flaw exists in this program that allows a malicious user to read files outside of the permitted directory structure. By using directory traversal sequences (i.e. '/../', '..') or specifying a filename, an attacker can obtain files that may contain potentially sensitive information.\boot.ini

This allows the attacker to view the contents of 'c:\boot.ini'.