Release date:
Updated on:
Affected Systems:
Veno Veno File Manager 1.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 64312
Veno File Manager is a File Manager written in PHP.
The "q" parameter of filemanager/vfm-admin/vfm-downloader.php in Veno File Manager is used to select the file to download. Because this parameter is not properly validated, attackers can supply Base64-encoded directory traversal sequences to download arbitrary files.
<* Source: Daniel Godoy
Link: http://secunia.com/advisories/56043/
*>
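Since no vendor patch is listed, reviewing web server logs for requests to the affected script is one way to spot attempts. The following is an added example, not part of the original advisory or the vendor's code: it decodes the "q" parameter of each vfm-downloader.php request and reports values that contain traversal segments. The combined log format, the sample lines and the legitimate "uploads/..." path layout are assumptions.

```python
import base64
import re
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/vfm-downloader.php"  # script named in the advisory
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode_q(value):
    """Base64-decode a q value; return None when it is not valid Base64."""
    value = value.replace(" ", "+")   # parse_qs turns '+' into a space
    value += "=" * (-len(value) % 4)  # tolerate stripped padding
    try:
        return base64.b64decode(value, validate=True).decode("utf-8", "replace")
    except ValueError:                # binascii.Error is a ValueError subclass
        return None

def is_traversal(path):
    """True for absolute paths or paths with a '..' segment."""
    path = path.replace("\\", "/")
    absolute = path.startswith("/") or re.match(r"[A-Za-z]:", path)
    return bool(absolute) or ".." in path.split("/")

def scan(lines):
    """Return (line_number, decoded_q) per suspicious request (None = not Base64)."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        url = urlsplit(match.group(1)) if match else None
        if url is None or not url.path.endswith(ENDPOINT):
            continue
        for raw in parse_qs(url.query).get("q", []):
            decoded = decode_q(raw)
            if decoded is None or is_traversal(decoded):
                hits.append((number, decoded))
    return hits

def sample_line(path):
    """Build one constructed access-log line (assumed combined log format)."""
    q = base64.b64encode(path.encode()).decode()
    return ('203.0.113.7 - - [01/Jan/2014:00:00:00 +0000] "GET /filemanager/'
            f'vfm-admin/vfm-downloader.php?q={q} HTTP/1.1" 200 512')

# Constructed sample input, not taken from a real server.
SAMPLE_LOG = [sample_line("uploads/report.pdf"),
              sample_line("../../../etc/hostname")]

if __name__ == "__main__":
    for number, decoded in scan(SAMPLE_LOG):
        print(f"line {number}: q decodes to {decoded!r}")
```

A 200 response on a flagged line means the file was probably served, so those entries deserve the first look.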
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Veno
----
The vendor has not yet provided a patch or upgrade for this issue. Users of the software should check the vendor's homepage for the latest version:
http://lab.veno.it/filemanager/
Reference:
http://packetstormsecurity.com/files/124378/Veno-File-Manager-Arbitrary-File-Download.html