Description
Absolute path traversal vulnerability in Alt-N Technologies WebAdmin 2.0.0 through 2.0.2 allows remote attackers with administrator privileges to (1) determine the installation path by reading the contents of the Name parameter in a link, and (2) read arbitrary files via an absolute path in the Name parameter.
Affected products
- alt-n / webadmin2.0.0 – 2.0.0
- alt-n / webadmin2.0.1 – 2.0.1
- alt-n / webadmin2.0.2 – 2.0.2
References
- MISChttp://www.securityfocus.com/bid/7438
- MISChttp://www.securityfocus.com/bid/7439
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/11874
- MISChttp://securityreason.com/securityalert/3286
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/11875
- MISChttp://www.securityfocus.com/archive/1/319735