|
Description
|
|
A vulnerability has been discovered in Manhali, which can be exploited by malicious people to disclose sensitive information.
Input passed to the "f" parameter in includes/download.php is not properly verified before being used to read file. This can be exploited to disclose the content of arbitrary files.
The vulnerabilities are confirmed in version 1.8. Other versions may also be affected.
|
|
|
|
|
|
Vulnerable Products
|
|
Vulnerable Software:
Manhali 1.x
|
|
|
|
|
|
Solution
|
|
No official solution is currently available.
|
|
|
|
|
|
CVE
|
|
|
|
|
|
|
|
References
|
|
L0n3ly-H34rT:
http://se3c.blogspot.com/2012/09/manhali-v18-local-file-inclusion.html
|
|
|
|
|
|
Vulnerability Manager Detection
|
|
No
|
|
|
|
|
|
IPS Protection
|
|
|
|
|
|
|
