JBrowser Upload.PHP3 Arbitrary File Upload Vulnerability
BID:23166
Info
JBrowser Upload.PHP3 Arbitrary File Upload Vulnerability
| Bugtraq ID: | 23166 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 27 2007 12:00AM |
| Updated: | Mar 28 2007 03:53PM |
| Credit: | Hiro yumi is credited with the discovery of this vulnerability. |
| Vulnerable: |
JBrowser JBrowser 2.4 JBrowser JBrowser 2.3 JBrowser JBrowser 2.1 JBrowser JBrowser 2.0 JBrowser JBrowser 1.0 |
| Not Vulnerable: | |
Discussion
JBrowser Upload.PHP3 Arbitrary File Upload Vulnerability
JBrowser is prone to an arbitrary-file-upload vulnerability.
An attacker can exploit this vulnerability to upload PHP script code and execute it in the context of the webserver process.
JBrowser 2.4 and prior versions are vulnerable.
JBrowser is prone to an arbitrary-file-upload vulnerability.
An attacker can exploit this vulnerability to upload PHP script code and execute it in the context of the webserver process.
JBrowser 2.4 and prior versions are vulnerable.
Exploit / POC
JBrowser Upload.PHP3 Arbitrary File Upload Vulnerability
Attackers can use a browser to exploit this issue.
Attackers can use a browser to exploit this issue.
Solution / Fix
JBrowser Upload.PHP3 Arbitrary File Upload Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].