Clicknet CMS 'index.php' Directory Traversal Vulnerability Network Vulnerability

Summary

This host has Clicknet CMS installed and is prone to Directory Traversal vulnerability.

Impact

Successful attacks will allow attackers to read arbitrary files via a '..' (dot dot) sequences. Impact level: Application

Solution

No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

Insight

The flaw is due to error in 'side' parameter in index.php which is not adequately sanitised that may lead to directory traversal attacks.

Affected

Clicknet CMS version 2.1 and prior.

References

http://secunia.com/advisories/35607
http://www.vupen.com/english/advisories/2009/1736

Updated on 2017-03-28

Severity

Classification

CVE CVE-2009-2325
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apache Tomcat TroubleShooter Servlet Installed
Apache Archiva Home Page Cross-Site Scripting vulnerability
Apache ActiveMQ Multiple Vulnerabilities
Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
AlienForm CGI script

Take action and discover your vulnerabilities