Seagull Arbitrary File Upload Vulnerability
BID:29982
Info
Seagull Arbitrary File Upload Vulnerability
| Bugtraq ID: | 29982 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 26 2008 12:00AM |
| Updated: | Jun 27 2008 10:40PM |
| Credit: | EgiX |
| Vulnerable: |
Seagull PHP Framework Seagull 0.6.4 |
| Not Vulnerable: | |
Discussion
Seagull Arbitrary File Upload Vulnerability
Seagull is prone to a vulnerability that lets remote attackers upload and execute arbitrary script code on an affected computer with the privileges of the webserver process. The issue occurs because the application fails to sanitize user-supplied input.
Seagull 0.6.4 and prior versions are vulnerable.
Seagull is prone to a vulnerability that lets remote attackers upload and execute arbitrary script code on an affected computer with the privileges of the webserver process. The issue occurs because the application fails to sanitize user-supplied input.
Seagull 0.6.4 and prior versions are vulnerable.
Exploit / POC
Seagull Arbitrary File Upload Vulnerability
Attackers may exploit this issue through a browser.
The following proof of concept is available:
Attackers may exploit this issue through a browser.
The following proof of concept is available:
Solution / Fix
Seagull Arbitrary File Upload Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].