Ravens PHP Scripts

Plesk filemanager.php Information Disclosure
Date: Monday, September 25, 2006 @ 17:15:11 CDT
Topic: Security


TITLE: Plesk filemanager.php Information Disclosure

SECUNIA ADVISORY ID: SA22058

VERIFY ADVISORY: http://secunia.com/advisories/22058/

CRITICAL: Less critical

IMPACT: Exposure of system information

WHERE: From remote

SOFTWARE: Plesk 7.x - http://secunia.com/product/3833/

DESCRIPTION: GuanYu has reported a vulnerability in Plesk, which potentially can be exploited by malicious users to disclose certain information.

Input passed to the "file" parameter in filemanager/filemanager.php is not properly verified before being used. This can be exploited to disclose the contents of certain directories via directory traversal attacks. The vulnerability is reported in version 7.6 for Windows. Other versions may also be affected.

SOLUTION: Grant only trusted users access to the affected application.

PROVIDED AND/OR DISCOVERED BY: GuanYu
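
Because the advisory offers only an access restriction as its solution, operators may want to review web server logs for traversal sequences in the "file" parameter. The following Python is an added example, not part of the Secunia advisory or of Plesk. It assumes the parameter appears in the query string of requests logged in common log format, and its sample log lines are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample access-log lines (common log format); not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [25/Sep/2006:10:00:01 -0500] "GET /filemanager/filemanager.php?file=/httpdocs/index.html HTTP/1.1" 200 512
192.0.2.11 - - [25/Sep/2006:10:00:05 -0500] "GET /filemanager/filemanager.php?file=../../ HTTP/1.1" 200 2048
192.0.2.11 - - [25/Sep/2006:10:00:09 -0500] "GET /FileManager/filemanager.php?file=%2e%2e%5c%2e%2e%5c HTTP/1.1" 200 2048
192.0.2.12 - - [25/Sep/2006:10:00:12 -0500] "GET /filemanager/filemanager.php?file=%252e%252e%252f HTTP/1.1" 403 0
192.0.2.13 - - [25/Sep/2006:10:00:20 -0500] "GET /other.php?file=../x HTTP/1.1" 404 0
"""

TARGET = "filemanager/filemanager.php"  # script named in the advisory
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def fully_decode(value, max_rounds=4):
    """Undo repeated percent-encoding so double-encoded input is seen as-is."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def has_traversal(decoded):
    """True if any path segment is '..', treating '\\' like '/' (Windows)."""
    return ".." in decoded.replace("\\", "/").split("/")


def suspicious_requests(log_text):
    """Return (client, decoded file value) for traversal attempts on TARGET."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        client, url = match.group(1), urlsplit(match.group(2))
        # Windows web servers match paths case-insensitively.
        if not url.path.lower().endswith(TARGET):
            continue
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            decoded = fully_decode(value)
            if name == "file" and has_traversal(decoded):
                hits.append((client, decoded))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_requests(SAMPLE_LOG):
        print(f"{client} requested file={value!r}")
```

Requests that send the parameter in a POST body do not appear in access logs, so this check covers only the query-string case.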








This article comes from Ravens PHP Scripts
https://www.ravenphpscripts.com

The URL for this story is:
https://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=2408