Collaborative Passwords Manager (cPassMan) 'path' Local File Inclusion Vulnerability Network Vulnerability

Summary

This host is running Collaborative Passwords Manager (cPassMan) and is prone to local file inclusion vulnerability.

Impact

Successful exploitation will allow attacker to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the web server process. Impact Level: Application/System

Solution

upgrade Collaborative Passwords Manager (cPassMan) to 2.0 or later, For updates refer to http://sourceforge.net/projects/communitypasswo/files/

Insight

The flaw is caused by improper validation of user-supplied input via the 'path' parameter to '/sources/downloadfile.php', that allows remote attackers to view files and execute local scripts in the context of the webserver.

Affected

Collaborative Passwords Manager (cPassMan) 1.82 and prior

References

http://sec.jetlib.com/Full_Disclosure/2011/04/14/cPassMan_v1.82_Arbitrary_File_Download_-SOS-11-004

Updated on 2017-03-28

Severity

Classification

CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Take action and discover your vulnerabilities