Simple File Manager Multiple Input Validation Vulnerabilities

Bugtraq ID:	21408
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Dec 02 2006 12:00AM
Updated:	Dec 04 2006 06:44PM
Credit:	flame is credited with the discovery of these vulnerabilities.
Vulnerable:	Simple File Manager Simple File Manager 0.24a
Not Vulnerable:

Simple File Manager Multiple Input Validation Vulnerabilities

Simple File Manager is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input.

An attacker can exploit this issue to create, delete, modify, and upload arbitrary files in the context of the webserver process. This may facilitate a remote compromise of the underlying system.

This issue affects version 0.24a; other versions may also be vulnerable.

Simple File Manager Multiple Input Validation Vulnerabilities

An attacker can exploit these issues with a web browser.

The following proof-of-concept examples are available:

• /data/vulnerabilities/exploits/21408.html

Simple File Manager Multiple Input Validation Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].

Simple File Manager Multiple Input Validation Vulnerabilities

References:

• Simple File Manager Homepage (Simple File Manager)