Vulnerability Description
http://codecanyon.net/user/Endober WebFile Explorer 1.0 is affected by: SQL Injection. The impact is: Arbitrary File Download (remote). The component is: $file = $_GET['id'] in download.php. The attack vector is: http://speicher.example.com/envato/codecanyon/demo/web-file-explorer/download.php?id=WebExplorer/../config.php.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Webfile Explorer Project | Webfile Explorer | 1.0 |
Related Weaknesses (CWE)
References
- http://codecanyon.net/user/EndoberNot ApplicableThird Party Advisory
- http://speicher.example.com/envato/codecanyon/demo/web-file-explorer/download.phBroken LinkThird Party Advisory
- http://webfile.comThird Party Advisory
- https://www.exploit-db.com/exploits/42440ExploitThird Party AdvisoryVDB Entry
- http://codecanyon.net/user/EndoberNot ApplicableThird Party Advisory
- http://speicher.example.com/envato/codecanyon/demo/web-file-explorer/download.phBroken LinkThird Party Advisory
- http://webfile.comThird Party Advisory
- https://www.exploit-db.com/exploits/42440ExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2017-12761?
CVE-2017-12761 is a vulnerability with a CVSS score of 7.5 (HIGH). http://codecanyon.net/user/Endober WebFile Explorer 1.0 is affected by: SQL Injection. The impact is: Arbitrary File Download (remote). The component is: $file = $_GET['id'] in download.php. The attac...
How severe is CVE-2017-12761?
CVE-2017-12761 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-12761?
Check the references section above for vendor advisories and patch information. Affected products include: Webfile Explorer Project Webfile Explorer.