Author: JT Smith
Posted at Help Net Security: “eRiskSecurity has discovered a fatal flaw in PhpMyExplorer, a popular (and very good
looking) PHP based file manager. It is vulnerable to directory traversal. If the web
server doesn’t have appropriate limits set, like most out-of-the-box Linux
distributions, the intruder can browse the entire drive, even reading sensitive files such
as /etc/passwd.”
looking) PHP based file manager. It is vulnerable to directory traversal. If the web
server doesn’t have appropriate limits set, like most out-of-the-box Linux
distributions, the intruder can browse the entire drive, even reading sensitive files such
as /etc/passwd.”
Category:
- Linux