Douran Portal 'download.aspx' Arbitrary File Download Vulnerability

Douran Portal is prone to a vulnerability that lets attackers download arbitrary files. This issue occurs because the application fails to sufficiently sanitize user-supplied input.

Exploiting this issue will allow an attacker to view arbitrary files within the context of the application. Information harvested may aid in launching further attacks.

Douran Portal 3.9.7.8 is affected; other versions may also be vulnerable.


 

Privacy Statement
Copyright 2010, SecurityFocus