Exploitation Summary
EIP tracks 1 public exploit for CVE-2002-0331. PoCs published by UNTER.
AI-analyzed exploit summary This exploit demonstrates a directory traversal vulnerability in BPM Studio Pro's HTTP server, allowing remote attackers to access arbitrary files on the filesystem. The issue arises due to insufficient filtering of dot-dot-slash sequences in web requests.
Description
Directory traversal vulnerability in the HTTP server for BPM Studio Pro 4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP request.
Exploits (1)
This exploit demonstrates a directory traversal vulnerability in BPM Studio Pro's HTTP server, allowing remote attackers to access arbitrary files on the filesystem. The issue arises due to insufficient filtering of dot-dot-slash sequences in web requests.