Directory traversal

2008-03-0523:44:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.6%

JSON

Directory traversal vulnerability in the embedded HTTP server in SCI Photo Chat Server 3.4.9 and earlier allows remote attackers to read arbitrary files via a "…" (dot dot backslash) or “…/” (dot dot forward slash) in the GET command.

CPENameOperatorVersion
sci_photo_chatle3.4.9

CPE	Name	Operator	Version
	sci_photo_chat	le	3.4.9

References

aluigi.altervista.org/adv/scichatdt-adv.txt

www.securityfocus.com/bid/27872

www.vupen.com/english/advisories/2008/0614

exchange.xforce.ibmcloud.com/vulnerabilities/40655