WebXell Editor 'upload_pictures.php' Arbitrary File Upload Vulnerability
BID:30117
Info
WebXell Editor 'upload_pictures.php' Arbitrary File Upload Vulnerability
| Bugtraq ID: | 30117 |
| Class: | Input Validation Error |
| CVE: |
CVE-2008-3178 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 07 2008 12:00AM |
| Updated: | May 07 2015 05:27PM |
| Credit: | CWH Underground |
| Vulnerable: |
WebXell Editor WebXell Editor 0.1.3 |
| Not Vulnerable: | |
Discussion
WebXell Editor 'upload_pictures.php' Arbitrary File Upload Vulnerability
WebXell Editor is prone to a vulnerability that lets remote attackers upload and execute arbitrary script code on an affected computer with the privileges of the webserver process. The issue occurs because the application fails to sanitize user-supplied input.
WebXell Editor 0.1.3 is vulnerable; other versions may also be affected.
WebXell Editor is prone to a vulnerability that lets remote attackers upload and execute arbitrary script code on an affected computer with the privileges of the webserver process. The issue occurs because the application fails to sanitize user-supplied input.
WebXell Editor 0.1.3 is vulnerable; other versions may also be affected.
Exploit / POC
WebXell Editor 'upload_pictures.php' Arbitrary File Upload Vulnerability
Attackers may exploit this issue through a browser.
Attackers may exploit this issue through a browser.
Solution / Fix
WebXell Editor 'upload_pictures.php' Arbitrary File Upload Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
WebXell Editor 'upload_pictures.php' Arbitrary File Upload Vulnerability
References:
References:
- WebXell Editor Homepage (WebXell Editor)