Interspire SendStudio Multiple Remote File Include Vulnerabilities

Bugtraq ID:	22642
Class:	Input Validation Error
CVE:	CVE-2007-1060
Remote:	Yes
Local:	No
Published:	Feb 21 2007 12:00AM
Updated:	May 12 2015 07:34PM
Credit:	M.Hasran Addahroni is credited with the discovery of these vulnerabilities.
Vulnerable:	Interspire SendStudio 2004.14
Not Vulnerable:	Interspire SendStudio 2004.18

Interspire SendStudio Multiple Remote File Include Vulnerabilities

Interspire SendStudio is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

SendStudio version 2004.14 is vulnerable; other versions may also be vulnerable.

Interspire SendStudio Multiple Remote File Include Vulnerabilities

An attacker can exploit these issues via a web client.

Interspire SendStudio Multiple Remote File Include Vulnerabilities

Solution:
The vendor has released version 2004.18 to address these issues; please contact the vendor for information on obtaining a fix.

Interspire SendStudio Multiple Remote File Include Vulnerabilities

References:

• Interspire Homepage (Interspire)
  
• [ECHO_ADV_66$2007] SendStudio <= 2004.14 Remote File Inclusion Vulnerability (M.Hasran Addahroni)