Pagesetter "pagesetter_file_preview()" Function Remote Directory Traversal Vulnerability


Description   A vulnerability has been identified in Pagesetter, which could be exploited by attackers to gain unauthorized access to arbitrary files on a vulnerable system. This issue is due to an input validation error in the "pagesetter_file_preview()" function [pnfile.php], which does not validate user-supplied parameters (e.g. "id") before passing them to a "readfile()" call. Attackers could exploit this to access and read the contents of arbitrary files.
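
One way to close the class of flaw described above, shown as an added example that is neither Pagesetter's code nor the 6.3.0 fix: resolve the requested name with realpath() and serve it only if the result stays inside the upload directory. The function names, the $uploadDir parameter and the demo paths are assumptions made for illustration.

```php
<?php
// Added example, not Pagesetter's code. The advisory describes a request
// parameter ("id") reaching readfile() unvalidated; a handler of the form
//     readfile($uploadDir . '/' . $id);
// lets "../" sequences in $id leave $uploadDir. Hardened form below.

/** Return the real path of $id inside $baseDir, or null if it escapes. */
function resolve_preview_path(string $baseDir, string $id): ?string
{
    // Empty ids and NUL bytes are never valid file names.
    if ($id === '' || strpos($id, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() resolves "..", "." and symlinks; false if the target is missing.
    $path = realpath($base . DIRECTORY_SEPARATOR . $id);
    if ($path === false || !is_file($path)) {
        return null;
    }
    // Compare against the base plus a trailing separator so that a sibling
    // such as "/data/uploads-old" does not pass as inside "/data/uploads".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

/** Hypothetical preview entry point: serve the file or answer 404. */
function preview_file(string $uploadDir, string $id): void
{
    $path = resolve_preview_path($uploadDir, $id);
    if ($path === null) {
        http_response_code(404);
        return;
    }
    header('Content-Type: application/octet-stream');
    readfile($path);
}

// Constructed demo (CLI only): one file inside the upload dir, one outside.
if (PHP_SAPI === 'cli') {
    $root = sys_get_temp_dir() . '/preview_demo_' . getmypid();
    mkdir("$root/uploads", 0700, true);
    file_put_contents("$root/uploads/a.txt", 'inside');
    file_put_contents("$root/secret.txt", 'outside');
    var_dump(resolve_preview_path("$root/uploads", 'a.txt') !== null);
    var_dump(resolve_preview_path("$root/uploads", '../secret.txt') === null);
}
```

The check is made on the resolved path rather than on the raw parameter, so it does not depend on spotting particular "../" or "..\" spellings in the input.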
     
Vulnerable Products   Vulnerable Software:
Pagesetter versions 6.x
     
Solution   Upgrade to Pagesetter version 6.3.0: http://www.elfisk.dk/index.php?module=Folder&func=view&mode=folder.view&folderid=1
     
CVE   CVE-2007-1158
     
References   http://www.elfisk.dk/index.php?module=pagesetter&func=viewpub&tid=7&pid=125
     
Vulnerability Manager Detection   No
     
IPS Protection
ASQ Engine alarm                                              Available Since
Misc : Directory traversal - parameter starting with ../      3.2.0
Directory traversal using ..\..                               3.2.0
Directory traversal                                           3.2.0
     


 
 
 
 
Risk level   Moderate

Vulnerability First Public Report Date   2007-02-27

Target Type   Server

Possible exploit   Local & Remote