Path Traversal in eduTrac
|Vendor:||7 Media Web Solutions, LLC.|
|Vulnerable Versions:||1.1.1-Stable and probably prior|
|Advisory Publication:||December 11, 2013 [without technical details]|
|Vendor Notification:||December 11, 2013|
|Vendor Fix:||December 16, 2013|
|Public Disclosure:||January 2, 2014|
|Latest Update:||December 19, 2013|
|Vulnerability Type:||Path Traversal [CWE-22]|
|CVSSv2 Base Score:||5 (AV:N/AC:L/Au:N/C:P/I:N/A:N)|
|Solution Status:||Fixed by Vendor|
|Discovered and Provided:||High-Tech Bridge Security Research Lab|
High-Tech Bridge Security Research Lab discovered path traversal vulnerability in eduTrac which can be exploited to read arbitrary files on vulnerable system with privileges of web server.
|Update eduTrac to version 1.1.2.|
| High-Tech Bridge Advisory HTB23190 - https://www.htbridge.com/advisory/HTB23190 - Path Traversal in eduTrac.|
 eduTrac - http://www.7mediaws.org/ - eduTrac is a student information system (SIS) for educational institutions to manage faculty, staff, students, courses, registrations, enrollment, and more.
 Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures.
 Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types.
 ImmuniWeb® - a PCI compliant web application penetration test combined with managed vulnerability scan. Configure, schedule, and manage online 24/7.
Please feel free to send us any additional information related to this Advisory, such as vulnerable versions, additional exploitation details and conditions, patches and other relevant details.