Directory Traversal Vulnerability in SAP DB Web-Tools
CVE-2003-0940

Currently unrated

Key Information:

Vendor: SAP
Status: SAP Db
Vendor: CVE Published:; 15 December 2003

What is CVE-2003-0940?

A directory traversal vulnerability exists in the SQLFOPENC module of SAP DB web-tools, permitting remote attackers to gain unauthorized access to sensitive files on the server. By exploiting this flaw using specially crafted URL requests that incorporate dot-dot sequences, attackers can read arbitrary files, potentially leading to information disclosure or further exploitation of the system.

References

http://www.atstake.com/research/advisories/2003/a111703-2...

vendor-advisoryx_refsource_ATSTAKE

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Dec 15, 2003