CVE-2002-1483
DB4Web 3.4 and 3.6 - Unauthenticated Arbitrary File Read via Path Traversal
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2002-1483. PoCs published by Stefan Bagdohn.
AI-analyzed exploit summary: The exploit describes a directory traversal vulnerability in DB4Web, allowing attackers to access arbitrary system files by crafting malicious URLs. Examples are provided for both Windows and Linux/Unix systems.
Description
db4web_c and db4web_c.exe programs in DB4Web 3.4 and 3.6 allow remote attackers to read arbitrary files via an HTTP request whose argument is a filename of the form (1) C: (drive letter), (2) //absolute/path (double-slash), or (3) .. (dot-dot).
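A log-review check for the three filename forms named in the description, as an added example that is not part of the original entry or of DB4Web. It assumes the filename argument has already been isolated from the logged request; the function names and sample values are constructed for illustration.

```python
import re
from urllib.parse import unquote


def decode_fully(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input is judged in its final form."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify_filename_argument(raw):
    """Return which of the three CVE-2002-1483 filename forms appear in raw."""
    # Treat backslashes as separators so Windows-style paths are covered too.
    name = decode_fully(raw).replace("\\", "/")
    hits = []
    if re.match(r"^[A-Za-z]:", name):      # form (1): drive letter
        hits.append("drive-letter")
    if name.startswith("//"):              # form (2): double-slash absolute path
        hits.append("double-slash")
    if ".." in name.split("/"):            # form (3): dot-dot path segment
        hits.append("dot-dot")
    return hits


# Constructed sample arguments, not taken from real traffic.
SAMPLES = [
    "reports/index.html",
    "notes..txt",
    "C:\\example.txt",
    "c%3A%5Cexample.txt",
    "//absolute/path",
    "../../example.txt",
    "%252e%252e/%252e%252e/example.txt",
]


def scan(samples):
    """Map each suspicious argument to the forms it matched; clean ones are omitted."""
    results = {s: classify_filename_argument(s) for s in samples}
    return {s: forms for s, forms in results.items() if forms}


if __name__ == "__main__":
    for arg, forms in scan(SAMPLES).items():
        print(f"{arg!r}: {', '.join(forms)}")
```

The same three checks can serve as a reject rule in front of any handler that maps a request argument to a file, applied after decoding and before the path is opened.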
Exploits (1)
The exploit describes a directory traversal vulnerability in DB4Web, allowing attackers to access arbitrary system files by crafting malicious URLs. Examples are provided for both Windows and Linux/Unix systems.