Description
showtemp.cfm for Gafware CFXImage 1.6.6 allows remote attackers to read arbitrary files via (1) a .. or (2) a C: style pathname in the FILE parameter.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Richard Brain · textwebappscfm
https://www.exploit-db.com/exploits/21493
References (3)
Core 3
Core References
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-05/0256.html
Patch, Vendor Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/9196.php
Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/4882
Scores
EPSS
0.1439
EPSS Percentile
94.4%
Details
Status
published
Products (2)
gafware/cfximage
1.6.4
gafware/cfximage
1.6.6
Published
Oct 04, 2002
Tracked Since
Feb 18, 2026