Plesk filemanager.php Information Disclosure

Posted on Monday, September 25, 2006 @ 17:15:11 CDT in Security
by Raven

TITLE: Plesk filemanager.php Information Disclosure

SECUNIA ADVISORY ID: SA22058

VERIFY ADVISORY: http://secunia.com/advisories/22058/

CRITICAL: Less critical

IMPACT: Exposure of system information

WHERE: From remote

SOFTWARE: Plesk 7.x - http://secunia.com/product/3833/

DESCRIPTION: GuanYu has reported a vulnerability in Plesk, which potentially can be exploited by malicious users to disclose certain information.

Input passed to the "file" parameter in filemanager/filemanager.php is not properly verified before being used. This can be exploited to disclose the contents of certain directories via directory traversal attacks. The vulnerability is reported in version 7.6 for Windows. Other versions may also be affected.

SOLUTION: Grant only trusted users access to the affected application.

PROVIDED AND/OR DISCOVERED BY: GuanYu
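
Because the advisory offers only an access restriction and no patch, reviewing panel logs for traversal sequences in the "file" parameter is a useful complementary check. The following is an added example, not part of the Secunia advisory or of Plesk; it assumes an Apache-style access log with a quoted request line, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

TARGET_SUFFIX = "filemanager/filemanager.php"  # script named in the advisory
PARAM = "file"                                 # parameter named in the advisory
# Assumption: Apache-style access log with a quoted request line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def normalise(value, max_rounds=5):
    """Percent-decode until stable (catches double encoding), unify separators."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")

def suspicious_requests(log_lines):
    """Return (line_number, normalised value) for each 'file' value with a '..' segment."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.lower().endswith(TARGET_SUFFIX):
            continue
        # parse_qsl decodes once; normalise() handles any further encoding layers.
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            path = normalise(value)
            if key == PARAM and ".." in path.split("/"):
                hits.append((n, path))
    return hits

# Constructed sample lines (documentation addresses, placeholder paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Sep/2006:10:00:01 -0500] "GET /filemanager/filemanager.php?file=/httpdocs/index.html HTTP/1.1" 200 512',
    '192.0.2.11 - - [25/Sep/2006:10:00:07 -0500] "GET /filemanager/filemanager.php?file=..%5C..%5Cexample HTTP/1.1" 200 2048',
    '192.0.2.11 - - [25/Sep/2006:10:00:09 -0500] "GET /filemanager/filemanager.php?file=%252e%252e%252fexample HTTP/1.1" 200 2048',
    '192.0.2.12 - - [25/Sep/2006:10:00:12 -0500] "GET /index.php?file=../example HTTP/1.1" 404 0',
    '192.0.2.13 - - [25/Sep/2006:10:00:15 -0500] "GET /filemanager/filemanager.php?file=notes..txt HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for n, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {n}: traversal in file={value}")
```

Only the query string is inspected, so a "file" value sent in a POST body would not appear in this kind of log.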
 
 