Description
Directory traversal vulnerability in download.php in Sisfo Kampus 0.8 allows remote attackers to list arbitrary directories via an absolute pathname in the dir parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Wawan Firmansyah · textwebappsphp
https://www.exploit-db.com/exploits/2847
References (2)
Core 2
Core References
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/21294
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/2847
Scores
EPSS
0.0589
EPSS Percentile
90.6%
Details
Status
published
Products (1)
sisfo_kampus/sisfo_kampus
0.8
Published
Nov 28, 2006
Tracked Since
Feb 18, 2026