E107 Image Manager Unauthorized File Upload Vulnerability
BID:12111
Info
E107 Image Manager Unauthorized File Upload Vulnerability
| Bugtraq ID: | 12111 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 26 2004 12:00AM |
| Updated: | Dec 26 2004 12:00AM |
| Credit: | Discovery is credited to sysbug. |
| Vulnerable: |
e107 e107 website system 0.616 e107 e107 website system 0.603 e107 e107 website system 0.555 Beta e107 e107 website system 0.554 e107 e107 website system 0.545 e107 e107 website system 0.6 15a e107 e107 website system 0.6 15 e107 e107 website system 0.6 14 e107 e107 website system 0.6 13 e107 e107 website system 0.6 12 e107 e107 website system 0.6 11 e107 e107 website system 0.6 10 |
| Not Vulnerable: | |
Discussion
E107 Image Manager Unauthorized File Upload Vulnerability
e107 is prone to a security vulnerability that will allow remote users to upload files with arbitrary file extensions to the computer hosting the software.
This vulnerability could allow an attacker to upload a malicious PHP script to the server and cause it to be executed. Scripts in other languages could also be executed in this manner if the Web server has a script handler configured for the file extension.
Successful exploitation will result in execution of arbitrary code in the context of the Web server.
This issue exists in the Image Manager, and an attacker must have sufficient access to this feature to exploit the vulnerability.
e107 is prone to a security vulnerability that will allow remote users to upload files with arbitrary file extensions to the computer hosting the software.
This vulnerability could allow an attacker to upload a malicious PHP script to the server and cause it to be executed. Scripts in other languages could also be executed in this manner if the Web server has a script handler configured for the file extension.
Successful exploitation will result in execution of arbitrary code in the context of the Web server.
This issue exists in the Image Manager, and an attacker must have sufficient access to this feature to exploit the vulnerability.
Exploit / POC
E107 Image Manager Unauthorized File Upload Vulnerability
There is no exploit required.
There is no exploit required.
Solution / Fix
E107 Image Manager Unauthorized File Upload Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
E107 Image Manager Unauthorized File Upload Vulnerability
References:
References:
- e107 website system Homepage (e107.org)