Zomplog admin/upload_files.php Unauthorized Access Vulnerability

Bugtraq ID:	25861
Class:	Access Validation Error
CVE:	CVE-2007-5231 CVE-2007-5278 CVE-2007-5230
Remote:	Yes
Local:	No
Published:	Sep 28 2007 12:00AM
Updated:	Jul 06 2016 02:17PM
Credit:	InATeam is credited with the discovery of this vulnerability.
Vulnerable:	Zomplog Zomplog 3.8.1 Zomplog Zomplog 3.8 Zomplog Zomplog 3.7
Not Vulnerable:	Zomplog Zomplog 3.8.11

Zomplog admin/upload_files.php Unauthorized Access Vulnerability

Zomplog is prone to an unauthorized-access vulnerability because it fails to adequately limit access to administrative scripts.

An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may allow the attacker to gain unauthorized access or to escalate privileges; other attacks are also possible.

This issue affects Zomplog 3.8.1; other versions may also be vulnerable.

Zomplog admin/upload_files.php Unauthorized Access Vulnerability

Attackers may exploit this issue through a browser.

The following exploit is available:

• /data/vulnerabilities/exploits/25861.php

Zomplog admin/upload_files.php Unauthorized Access Vulnerability

Solution:
The vendor released an update to address this issue. Please see the references for more information.


Zomplog Zomplog 3.7

• Zomplog zomplog-3.8.11.tar.gz
  http://www.zomp.nl/zomplog/downloads/zomplog-3.8.11.tar.gz

Zomplog Zomplog 3.8

• Zomplog zomplog-3.8.11.tar.gz
  http://www.zomp.nl/zomplog/downloads/zomplog-3.8.11.tar.gz

Zomplog Zomplog 3.8.1

• Zomplog zomplog-3.8.11.tar.gz
  http://www.zomp.nl/zomplog/downloads/zomplog-3.8.11.tar.gz

Zomplog admin/upload_files.php Unauthorized Access Vulnerability

References:

• Zomplog Homepage (Zomplog)
  
• [Sticky] Zomplog 3.8.11 - important security update (Zomplog)