Description
SECVeritas has reported a vulnerability in Reportico, which can be exploited by malicious people to disclose potentially sensitive information.
Input passed via the "xmlin" parameter to certain scripts is not properly verified before being used to read files. This can be exploited to disclose the contents of arbitrary local XML files via directory traversal sequences.
The vulnerability is reported in versions 3.2 and prior.
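A log check for the traversal described above, as an added example that is not part of the advisory or of Reportico: it scans web access log lines for "xmlin" values that climb out of their directory. The script path, client addresses and log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (hypothetical script path, documentation IP range).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jun/2014:10:00:01 +0000] "GET /reports/example.php?xmlin=sales.xml HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jun/2014:10:00:07 +0000] "GET /reports/example.php?xmlin=../../conf/app.xml HTTP/1.1" 200 812',
    '203.0.113.9 - - [01/Jun/2014:10:00:09 +0000] "GET /reports/example.php?xmlin=%252e%252e%255cconf%255capp.xml HTTP/1.1" 200 812',
    '203.0.113.7 - - [01/Jun/2014:10:00:12 +0000] "GET /reports/example.php?project=demo&xmlin=q1..final.xml HTTP/1.1" 200 4096',
]

def fully_decode(value, rounds=3):
    """Undo up to `rounds` layers of percent-encoding (catches %252e%252e)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def xmlin_is_suspicious(value):
    """True if an xmlin value points outside the directory it should stay in."""
    path = fully_decode(value).replace("\\", "/")
    # NUL bytes, absolute paths and drive letters are never a plain file name.
    if "\x00" in path or path.startswith("/") or re.match(r"^[A-Za-z]:", path):
        return True
    # Flag ".." only as a whole path segment, so "q1..final.xml" stays clean.
    return ".." in path.split("/")

def scan(lines):
    """Return (line_number, xmlin_value) for every suspicious request."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        # parse_qsl already removes one layer of percent-encoding.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name == "xmlin" and xmlin_is_suspicious(value):
                hits.append((number, value))
    return hits

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious xmlin={value!r}")
```

Only query-string parameters appear in an access log, so an "xmlin" value sent in a POST body needs request-body logging or a web application firewall rule to be seen.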
Vulnerable Products
Vulnerable Software: Reportico 3.x
Solution
Update to version 3.3 or upgrade to version 4.0.
CVE
CVE-2014-3777
References
Reportico:
http://www.reportico.org/site/index.php
SECVeritas:
http://www.secveritas.com/secv-05-1402.html
Vulnerability Manager Detection
No
IPS Protection