Our Space UploadMedia.CGI Arbitrary File Upload Vulnerability

Bugtraq ID:	25487
Class:	Input Validation Error
CVE:	CVE-2007-4647
Remote:	Yes
Local:	No
Published:	Aug 30 2007 12:00AM
Updated:	May 07 2015 05:35PM
Credit:	Breaker_unit and Don are credited with the discovery of this vulnerability.
Vulnerable:	2coolcode Our Space 2.0.9
Not Vulnerable:

Our Space UploadMedia.CGI Arbitrary File Upload Vulnerability

Our Space is prone to an arbitrary-file-upload vulnerability because the application fails to sufficiently sanitize user-supplied input.

Exploiting this issue could allow an attacker to upload and execute arbitrary script code in the context of the affected webserver process. This may help the attacker compromise the application; other attacks are possible.

Our Space 2.0.9 is vulnerable; other versions may also be affected.

Our Space UploadMedia.CGI Arbitrary File Upload Vulnerability

Attackers may exploit this issue through a browser.

Our Space UploadMedia.CGI Arbitrary File Upload Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Our Space UploadMedia.CGI Arbitrary File Upload Vulnerability

References:

• Our Space Download Page (2coolcode)