PHP.download2.php.FN1.Parameter.Directory.Traversal
Description
This indicates a file disclosure vulnerability in cattaDoc, an open source document management solution. The issue is due to an input validation error in the "download2.php" script, which fails to validate the "fn1" parameter. As a result, remote attackers may be able to read arbitrary files.
Affected Products
cattaDoc version 3.0 and prior.
cattaDoc version 2.21 and prior.
Impact
Information disclosure.
Recommended Actions
Currently we are not aware of any officially supplied fix for this issue.
C-Arbre Web site, http://cattadoc.com/
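With no official fix available, one practical check is to review web server access logs for requests to download2.php whose fn1 value escapes the intended directory. The Python below is an added example, not the vendor's IPS signature or cattaDoc code; the log format, the /cattadoc/ path, the file names and the assumption that legitimate fn1 values are relative names without ".." segments are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (addresses, paths and file names are illustrative).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /cattadoc/download2.php?fn1=report.pdf HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2024:10:00:05 +0000] "GET /cattadoc/download2.php?fn1=../../config.inc HTTP/1.1" 200 311',
    '192.0.2.44 - - [01/Jan/2024:10:00:09 +0000] "GET /cattadoc/download2.php?fn1=%252e%252e%255cconfig.inc HTTP/1.1" 200 311',
    '192.0.2.10 - - [01/Jan/2024:10:01:00 +0000] "GET /cattadoc/index.php?fn1=../x HTTP/1.1" 200 100',
]

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_fn1(value):
    """Return a reason string if fn1 looks like a path escape, else None."""
    decoded = fully_decode(value).replace("\\", "/")
    if "\x00" in decoded:
        return "null byte"
    if decoded.startswith("/") or re.match(r"^[A-Za-z]:/", decoded):
        return "absolute path"
    if ".." in decoded.split("/"):
        return "parent-directory segment"
    return None

def scan(lines):
    """Yield (line_number, reason) for download2.php requests with a suspicious fn1."""
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith("/download2.php"):
            continue
        # parse_qs performs the first round of percent-decoding.
        for value in parse_qs(url.query, keep_blank_values=True).get("fn1", []):
            reason = suspicious_fn1(value)
            if reason:
                yield number, reason
```

Calling `list(scan(SAMPLE_LOG))` flags the second and third sample lines; a flagged request that returned status 200 deserves a closer look at what file was served.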
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2019-04-09 | 14.589 | Default_action:pass:drop |