CVE-2008-5678 Information

Description

Fretwell-Downing Informatics (FDI) OLIB7 WebView 2.5.1.1 allows remote authenticated users to obtain sensitive information from files via the infile parameter to the default URI under cgi/ as demonstrated by the (1) get_settings.ini (2) setup.ini and (3) text.ini files.

Reference

http://securityreason.com/securityalert/4790 http://www.securityfocus.com/bid/31544 https://exchange.xforce.ibmcloud.com/vulnerabilities/45638 https://www.exploit-db.com/exploits/6653