efileman Arbitrary File Upload And Access Validation Vulnerabilities
BID:26184
Info
| Bugtraq ID: | 26184 |
| Class: | Access Validation Error |
| CVE: | CVE-2007-5734 CVE-2007-5735 |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 23 2007 12:00AM |
| Updated: | Nov 15 2007 12:38AM |
| Credit: | Pete Houston discovered these issues. |
| Vulnerable: | efileman efileman 7.1 |
| Not Vulnerable: | |
Discussion
The 'efileman' program is prone to multiple arbitrary-file-upload vulnerabilities and an access-validation vulnerability.
An attacker can exploit these issues to upload and execute arbitrary code in the context of the affected application or to view and modify sensitive configuration data.
These issues affect efileman 7.1; other versions may also be affected.
Exploit / POC
An attacker can exploit these issues via a browser.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].