7Media Web Solutions EduTrac Directory Traversal Vulnerability

Summary
This host is installed with 7Media Web Solutions EduTrac is prone to directory traversal vulnerability.
Impact
Successful exploitation may allow an attacker to obtain sensitive information, which can lead to launching further attacks. Impact Level: Application.
Solution
Upgrade to 7Media Web Solutions eduTrac version 1.1.2 or later. For updates refer http://www.7mediaws.org/products/edutrac/
Insight
A flaw exist due to insufficient filtration of 'showmask' HTTP GET parameter passed to 'overview.php' script.
Affected
7Media Web Solutions eduTrac before version 1.1.2
Detection
Send a crafted exploit string via HTTP GET request and check whether it is able to read the system file or not.
References