|Date: (C)2006-11-21 (M)2017-10-19|| |
Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
|CVSS Score: 5.8||Access Vector: NETWORK|
|Exploit Score: 6.4||Access Complexity: LOW|
|Impact Score: 6.4||Authentication: MULTIPLE_INSTANCES|
| ||Confidentiality: PARTIAL|
| ||Integrity: PARTIAL|
| ||Availability: PARTIAL|