Xpression News Xnews-Template Multiple Directory Traversal Vulnerabilities
BID:22609
Info
| Bugtraq ID: | 22609 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-1040 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 18 2007 12:00AM |
| Updated: | May 12 2015 07:34PM |
| Credit: | r0ut3r is credited with the discovery of these vulnerabilities. |
| Vulnerable: | Xpression News Xpression News 1.0.1, Xpression News Xpression News 1.0 |
| Not Vulnerable: | |
Discussion
Xpression News is prone to multiple directory-traversal vulnerabilities because the application fails to properly sanitize user-supplied input.
An attacker can exploit these vulnerabilities to retrieve arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid the attacker in further attacks.
Xpression News version 1.0.1 is vulnerable to these issues.
Exploit / POC
Attackers can exploit these issues via a web client.
The following proof-of-concept exploit is available:
Solution / Fix
Solution:
The vendor released a patch to address this issue. Please see the references for more information.
Xpression News Xpression News 1.0
- Xpression News patch.zip: http://xpression.hogsmeade-village.com/patch.zip

Xpression News Xpression News 1.0.1
- Xpression News patch.zip: http://xpression.hogsmeade-village.com/patch.zip
References
References:
- Vendor Homepage (Xpression News)