Written by CWH Underground
Friday, 20 March 2009 23:06
Kwalbum 'UploadItems' Parameter Arbitrary File Upload Vulnerability
Bugtraq ID: 31568
Class: Input Validation Error
CVE:
Remote: Yes
Local: No
Published: Oct 03 2008 12:00AM
Updated: Mar 20 2009 06:26PM
Credit: CWH Underground
Vulnerable: Kwalbum Kwalbum 2.0.2
Not Vulnerable: Kwalbum Kwalbum 2.1

Discussion: Kwalbum is prone to a vulnerability that lets remote attackers upload and execute arbitrary script code on an affected computer with the privileges of the webserver process. The issue occurs because the application fails to sanitize user-supplied input.
Kwalbum 2.0.2 is vulnerable; other versions may also be affected.

Exploit(s)/PoC(s): Attackers may exploit this issue via a browser.
The following example URI is available:
http://www.example.com/[path to kwalbum]/?p=UploadItems

Solution: Reportedly, the issue is fixed in Kwalbum 2.1 and later. Please contact the vendor for more information.

Reference(s): Kwalbum Project Page, http://sourceforge.net/projects/kwalbum (Kwalbum)
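As an added illustration of the fix the advisory calls for (this is not code from Kwalbum or from the advisory, and it is written in Python rather than the application's own language), the validator below shows what sanitizing a photo-album upload involves: accept only a single allowlisted image extension, confirm the file's leading bytes match that type, and never let the client-supplied name reach the filesystem path. The names validate_upload, is_accepted and ALLOWED_TYPES are assumptions made for this example.

```python
import os
import re
import secrets

# Constructed allowlist for a photo album: extension -> accepted leading magic bytes.
ALLOWED_TYPES = {
    "jpg":  (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png":  (b"\x89PNG\r\n\x1a\n",),
    "gif":  (b"GIF87a", b"GIF89a"),
}

# Only a conservative character set is tolerated in the client-supplied stem.
_SAFE_STEM = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def validate_upload(client_name: str, data: bytes) -> str:
    """Return a server-generated filename for an accepted album upload.

    Raises ValueError unless the upload looks like a plain image:
    - exactly one extension (rejects 'x.php.jpg' style names, which some
      Apache mod_mime configurations would still hand to the PHP handler),
    - the extension is on the allowlist (compared case-insensitively),
    - the first bytes of the content match the type the extension claims.
    """
    # Strip any directory component, whether / or \ separated.
    base = os.path.basename(client_name.replace("\\", "/"))
    parts = base.split(".")
    if len(parts) != 2:
        raise ValueError("filename must have exactly one extension")
    stem, ext = parts[0], parts[1].lower()
    if ext not in ALLOWED_TYPES:
        raise ValueError(f"extension .{ext} is not an allowed image type")
    if not _SAFE_STEM.match(stem):
        raise ValueError("unsafe characters in filename")
    if not any(data.startswith(magic) for magic in ALLOWED_TYPES[ext]):
        raise ValueError("file content does not match the claimed image type")
    # A magic-byte check does not prove the file is harmless, so uploads should
    # also live outside the web root or where script execution is disabled.
    return f"{secrets.token_hex(8)}.{ext}"


def is_accepted(client_name: str, data: bytes) -> bool:
    """True if validate_upload would accept the upload, False otherwise."""
    try:
        validate_upload(client_name, data)
        return True
    except ValueError:
        return False
```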