Douran Portal is prone to a vulnerability that lets attackers download arbitrary files. This issue occurs because the application fails to sufficiently sanitize user-supplied input. Exploiting this issue will allow an attacker to view arbitrary files within the context of the application. Information harvested may aid in launching further attacks. Douran Portal 3.9.7.8 is affected other versions may also be vulnerable.

• http://www.douran.com/HomePage.aspx?TabID=3901&Site=DouranPortal&Lang=en-US
• https://www.securityfocus.com/bid/46927

---

Updated on 2015-03-25