← back
CVE-2002-1483

CVE-2002-1483

EPSS 8.5%
db4web_c and db4web_c.exe programs in DB4Web 3.4 and 3.6 allow remote attackers to read arbitrary files via an HTTP request whose argument is a filename of the form (1) C: (drive letter), (2) //absolute/path (double-slash), or (3) .. (dot-dot).
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/21800unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://archives.neohapsis.com/archives/bugtraq/2002-09/0197.htmlhttp://archives.neohapsis.com/archives/vulnwatch/2002-q3/0124.htmlhttp://www.db4web.de/download/homepage/hotfix/readme_en.txthttp://www.iss.net/security_center/static/10123.phphttp://www.securityfocus.com/bid/5723