THELIA Arbitrary File Upload and Authentication Bypass Vulnerabilities
BID:30094
Info
| Bugtraq ID: | 30094 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 05 2008 12:00AM |
| Updated: | Jul 07 2008 11:39PM |
| Credit: | Black_H |
| Vulnerable: | THELIA THELIA 1.3.5 |
| Not Vulnerable: | THELIA THELIA 1.3.6.1 |
Discussion
THELIA is prone to a vulnerability that lets remote attackers upload and execute arbitrary code because it fails to properly sanitize user-supplied files. It is also prone to an authentication-bypass vulnerability.
An attacker can leverage these issues to execute arbitrary code on an affected computer with the privileges of the webserver process or to perform administrative actions (such as validating commands without payment) without proper authentication.
THELIA 1.3.5 is vulnerable; other versions may also be affected.
Exploit / POC
Attackers may exploit this issue through a browser.
The following exploit is available:
Solution / Fix
Solution:
The vendor has released THELIA 1.3.6.1 to address these issues. Please see the references for more information.
THELIA THELIA 1.3.5
- THELIA thelia_1.3.6.1.zip: http://www.thelia.fr/fichiers/thelia_1.3.6.1.zip
References
References:
- THELIA 1.3.6.1 - Mise à jour de sécurité (THELIA)
- THELIA Home Page (THELIA)