CVE-2002-0879

Gafware CFXImage 1.6.6 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0879. PoCs published by Richard Brain.

AI-analyzed exploit summary: The exploit describes a directory traversal vulnerability in Gafware's CFXImage documentation program, allowing attackers to read arbitrary files by manipulating the FILE parameter in showtemp.cfm. No actual exploit code is provided, only examples of malicious URLs.

Description

showtemp.cfm for Gafware CFXImage 1.6.6 allows remote attackers to read arbitrary files via (1) a .. or (2) a C: style pathname in the FILE parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Richard Brain · text · webapps · cfm
https://www.exploit-db.com/exploits/21493

Classification: Writeup 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Gafware CFXImage (documentation program)
No auth needed
Prerequisites: Access to the vulnerable showtemp.cfm endpoint
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-05/0256.html
Patch, Vendor Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/9196.php
Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/4882

Scores

EPSS 0.0328
EPSS Percentile 86.8%

Details

Status published
Products (2)
gafware/cfximage 1.6.4
gafware/cfximage 1.6.6
Published Oct 04, 2002
Tracked Since Feb 18, 2026