Sawmill - Arbitrary File Viewing

.:: DESCRIPTION ::.
Sawmill is a powerful, hierarchical log analysis tool that runs on every major platform. Sawmill is used by a wide variety of clients worldwide, including corporations, educational institutions, government and military organizations, small businesses, libraries, hospitals, non-profit organizations, and individuals.

.:: SUMMARY ::.
Affected Version: 7.0.X, < 7.1.6
Tested Platform: Linux

A security vulnerability has been found in Sawmill versions 7.0.X and < 7.1.6 that allows an attacker to view any file of their choosing with the privileges of the web server.

.:: DETAILS ::.
Not available to the public or to users with a basic VIA Agent subscription.

.:: IMPACT ::.
An attacker can leverage this vulnerability to view files and obtain sensitive information about the server for further access or escalation of privilege.

.:: AUTHOR ::.
Phuong Nguyen

