ID:3832 - Exploit for Path traversal in Codoforum - CVE-2014-9261

 
Published: August 9, 2020


Vulnerability identifier: #VU40867
Vulnerability risk: Medium
CVE-ID: CVE-2014-9261
CWE-ID: CWE-22
Exploitation vector: Remote access
Vulnerable software:
Codoforum

Vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The sanitize function in Codoforum 2.5.1 does not properly implement filtering for directory traversal sequences, which allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to index.php.
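The weakness class described above (CWE-22) is usually closed by canonicalizing the requested path and checking that it stays inside an allowed base directory, rather than by filtering `..` sequences out of the input. The following PHP sketch is an added example, not Codoforum's code or the vendor's fix; the function name `resolve_inside`, the directory layout and the sample paths are all constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added example with constructed names; not Codoforum's code or the vendor's patch.
// Returns the canonical path only if it is a regular file inside $baseDir, else null.
function resolve_inside(string $baseDir, string $userPath): ?string
{
    if (strpos($userPath, "\0") !== false) {
        return null; // NUL bytes have no place in a file name
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks, and returns false for missing files.
    $target = realpath($base . DIRECTORY_SEPARATOR . $userPath);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // Trailing separator so that /srv/assets-old is not treated as inside /srv/assets.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($target, $prefix, strlen($prefix)) === 0 ? $target : null;
}

// Constructed sandbox: an asset directory next to a file that must stay private.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'trav_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/assets/css', 0700, true);
file_put_contents($root . '/assets/css/site.css', 'body{}');
file_put_contents($root . '/config.php', 'constructed private content');

$cases = [
    'css/site.css'         => true,  // ordinary request
    'css/../css/site.css'  => true,  // ".." that stays inside the base is harmless
    '../config.php'        => false, // climbs out of the base
    'css/../../config.php' => false, // same, after entering a subdirectory first
    $root . '/config.php'  => false, // absolute path is appended to the base and fails to resolve
    'css/missing.css'      => false, // nonexistent file
];
foreach ($cases as $path => $expectAllowed) {
    $allowed = resolve_inside($root . '/assets', (string)$path) !== null;
    printf("%-28s %s\n", $path, $allowed ? 'served' : 'rejected');
    if ($allowed !== $expectAllowed) {
        throw new RuntimeException("unexpected result for $path");
    }
}
```

The decision is made on the resolved path, so it does not depend on recognising every spelling of a traversal sequence in the raw input.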


Remediation

Install update from vendor's website.