VULHUB ™

phpWebFileManager has been reported to be vulnerable by a file disclosure issue. The 'file.php' script does not sufficiently validate externally supplied input and is therefore prone to a file disclosure vulnerability. It is possible for a remote attacker to submit a maliciously crafted web request, containing modified directory traversal sequences, which is capable of breaking out of wwwroot and browsing arbitrary web-readable files on a host running the vulnerable script. Information gathered as a result of successful exploitation may aid in further attacks against the host.

phpWebFileManager has been reported to be vulnerable by a file disclosure issue. The 'file.php' script does not sufficiently validate externally supplied input and is therefore prone to a file disclosure vulnerability. It is possible for a remote attacker to submit a maliciously crafted web request, containing modified directory traversal sequences, which is capable of breaking out of wwwroot and browsing arbitrary web-readable files on a host running the vulnerable script. Information gathered as a result of successful exploitation may aid in further attacks against the host.