Directory Traversal Vulnerability in Chevereto Image Hosting Software
CVE-2012-2919
Currently unrated
What is CVE-2012-2919?
A directory traversal vulnerability exists in Chevereto 1.9.1, specifically in the Upload/engine.php file, allowing remote attackers to exploit the file upload function. By utilizing a crafted request containing '../' in the 'v' parameter, an attacker can bypass security mechanisms to determine the existence of arbitrary files on the server. This potentially exposes sensitive information and could lead to further attacks if the attacker gains access to critical files.
