PHP.download2.php.FN1.Parameter.Directory.Traversal

Description

This indicates a file disclosure vulnerability in cattaDoc, an open source document management solution. The issue is due to an input validation error in the "download2.php" script, which fails to validate the "fn1" parameter. As a result, remote attackers may be able to read arbitrary files.

Affected Products

cattaDoc version 3.0 and prior.
cattaDoc version 2.21 and prior.

Impact

Information disclosure.

Recommended Actions

We are currently not aware of any officially supplied fix for this issue.
C-Arbre Web site: http://cattadoc.com/
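
With no vendor fix listed, web-server access logs are one place to check for requests matching the description above. The following is an added example, not part of the original advisory and not the IPS signature's own logic: it flags download2.php requests whose "fn1" value resolves outside the download directory. The log format, the /cattadoc/ install path and the sample file names are assumptions, and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: Apache/nginx common or combined log format.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def normalize(value, max_rounds=3):
    """Percent-decode repeatedly so multiply-encoded input is seen in clear."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")  # treat Windows separators like "/"

def is_traversal(value):
    """True if the file name could resolve outside the download directory."""
    path = normalize(value)
    if "\x00" in path or path.startswith("/") or re.match(r"[A-Za-z]:", path):
        return True
    return ".." in path.split("/")  # match a whole path segment to limit false hits

def suspicious_fn1(log_line):
    """Return the normalized fn1 value of a flagged download2.php request, else None."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    target = urlsplit(m.group(1))
    if not target.path.lower().endswith("/download2.php"):
        return None
    for value in parse_qs(target.query, keep_blank_values=True).get("fn1", []):
        if is_traversal(value):
            return normalize(value)
    return None

# Constructed sample lines (documentation IPs, hypothetical /cattadoc/ path and file names).
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Apr/2019:10:00:01 +0000] "GET /cattadoc/download2.php?fn1=report-2019.pdf HTTP/1.1" 200 5120',
    '192.0.2.10 - - [09/Apr/2019:10:00:05 +0000] "GET /cattadoc/download2.php?fn1=notes..v2.pdf HTTP/1.1" 200 2048',
    '198.51.100.7 - - [09/Apr/2019:10:02:11 +0000] "GET /cattadoc/download2.php?fn1=..%2F..%2Fconfig.inc HTTP/1.1" 200 812',
    '198.51.100.7 - - [09/Apr/2019:10:02:12 +0000] "GET /cattadoc/download2.php?fn1=%252e%252e%252fsecret.txt HTTP/1.1" 200 64',
    '198.51.100.7 - - [09/Apr/2019:10:02:13 +0000] "GET /cattadoc/download2.php?fn1=..%5C..%5Csecret.txt HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        hit = suspicious_fn1(line)
        if hit is not None:
            print(f"ALERT fn1={hit!r} from {line.split()[0]}")
```

A flagged request that returned status 200 deserves follow-up to determine which file was served; the same segment-based check can also be enforced server-side before the file is opened.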

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2019-04-09 14.589 Default_action:pass:drop