Written by CWH Underground
Friday, 20 March 2009 23:06
Kwalbum 'UploadItems' Parameter Arbitrary File Upload Vulnerability
Class: Input Validation Error
Published: Oct 03 2008 12:00AM
Updated: Mar 20 2009 06:26PM
Vulnerable: Kwalbum Kwalbum 2.0.2
Not Vulnerable: Kwalbum Kwalbum 2.1
Kwalbum is prone to a vulnerability that lets remote attackers upload and execute arbitrary script code
on an affected computer with the privileges of the webserver process. The issue occurs because the
application fails to sanitize user-supplied input.
Kwalbum 2.0.2 is vulnerable; other versions may also be affected.
Attackers may exploit this issue via a browser.
The following example URI is available:
http://www.example.com/[path to kwalbum]/?p=UploadItems
Reportedly, the issues are fixed in Kwalbum 2.1 and later. Please contact the vendor for more information.
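The root cause above is an upload handler that trusts client-supplied input (filename, extension, declared type). The following added example is not Kwalbum's code (Kwalbum is a PHP application; this is an illustrative Python validator with hypothetical names) and shows the defensive pattern: the server derives the stored name and extension from the file content, and a client-chosen name such as a script extension, a double extension or a traversal prefix cannot influence what is written or where.

```python
"""Hardened validation for a photo-gallery upload endpoint (added example).

Not the Kwalbum project's code: an illustrative validator whose names and
limits are assumptions chosen for this example.
"""
import hashlib
import os
import re

# Only the image types a gallery needs; script extensions are never accepted.
ALLOWED = {"jpg": b"\xff\xd8\xff", "png": b"\x89PNG\r\n\x1a\n", "gif": b"GIF8"}
MAX_BYTES = 8 * 1024 * 1024
_EXT_RE = re.compile(r"\.([a-z0-9]+)$")


def sniff_type(data: bytes):
    """Return the allowed extension whose magic bytes match, or None."""
    for ext, magic in ALLOWED.items():
        if data.startswith(magic):
            return ext
    return None


def validate_upload(client_name: str, data: bytes):
    """Return (ok, reason, stored_name).

    stored_name is server-generated (content hash + sniffed extension), so a
    client name like 'shell.php', 'img.php.jpg' or '../x.jpg' never reaches
    the filesystem.
    """
    if not data or len(data) > MAX_BYTES:
        return False, "empty or oversized upload", None
    # Inspect only the lower-cased basename of whatever the client sent.
    base = os.path.basename(client_name.replace("\\", "/")).lower()
    m = _EXT_RE.search(base)
    if not m or m.group(1) not in ALLOWED:
        return False, "extension not in allow-list", None
    # Reject double extensions outright (e.g. 'img.php.jpg'); simpler than
    # reasoning about every server's handler-matching rules.
    if base.count(".") > 1:
        return False, "multiple extensions rejected", None
    real = sniff_type(data)
    if real is None or real != m.group(1):
        return False, "content does not match claimed type", None
    digest = hashlib.sha256(data).hexdigest()[:32]
    return True, "ok", f"{digest}.{real}"
```

The stored file should additionally land in a directory where the web server has script execution disabled, so that even a validator bypass yields a static file rather than code running with the web server's privileges.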
--Kwalbum Project Page