|
Gafware CFXImage ShowTemp File Disclosure Vulnerability
Gafware's CFXImage is a custom tag for ColdFusion. A program included with the CFXImage documentation doesn't properly filter its input. It is reported that a flaw exists in this program that allows a malicious user to read files outside of the permitted directory structure. By using directory traversal sequences (i.e. '/../', '..') or specifying a filename, an attacker can obtain files that may contain potentially sensitive information. |
|
 Privacy Statement |
