Chyrp Multiple Directory Traversal Vulnerabilities Network Vulnerability

Summary

The host is running Chyrp and is prone to Multiple directory traversal vulnerabilities.

Impact

Successful exploitation will allow the attackers to read arbitrary files and gain sensitive information on the affected application. Impact Level: Application

Solution

Upgrade to Chyrp version 2.1.1 For updates refer to http://chyrp.net/

Insight

Multiple flaws are due to improper validation of user supplied input to 'file' parameter in 'includes/lib/gz.php' and 'action' parameter in 'index.php' before being used to include files.

Affected

Chyrp version prior to 2.1.1

References

http://secunia.com/advisories/45184
http://www.justanotherhacker.com/advisories/JAHx113.txt
http://xforce.iss.net/xforce/xfdb/68564
http://xforce.iss.net/xforce/xfdb/68565

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-2744, CVE-2011-2780
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apache Tomcat Directory Listing and File disclosure
aeNovo Database Content Disclosure Vulnerability
AMSI 'file' Parameter Directory Traversal Vulnerability
AdaptCMS Lite Cross Site Scripting and Remote File Include Vulnerabilities
Annuaire PHP 'sites_inscription.php' Cross Site Scripting Vulnerability

Take action and discover your vulnerabilities