LightBlog Privilege Escalation and Arbitrary File Upload Vulnerabilities
BID:25990
Info
| Bugtraq ID: | 25990 |
| Class: | Unknown |
| CVE: | CVE-2007-5374 |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 09 2007 12:00AM |
| Updated: | May 07 2015 05:35PM |
| Credit: | BlackHawk is credited with the discovery of these issues. |
| Vulnerable: | PublicWarehouse.co.uk LightBlog 8.4.1.1 |
| Not Vulnerable: | |
Discussion
LightBlog is prone to multiple vulnerabilities including a privilege-escalation issue and an arbitrary-file-upload issue.
Remote attackers can exploit these issues to gain administrative access to the affected application and to execute arbitrary commands with the privileges of the webserver process.
These issues affect LightBlog 8.4.1.1; other versions may also be affected.
Exploit / POC
An attacker can exploit these issues through a browser.
The following exploit code is available:
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- LightBlog Homepage (PublicWarehouse.co.uk)