FormEncode 'chained_validators' Class Security Bypass Vulnerability
BID:30282
Info
FormEncode 'chained_validators' Class Security Bypass Vulnerability
| Bugtraq ID: | 30282 |
| Class: | Access Validation Error |
| CVE: |
CVE-2008-6547 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 25 2008 12:00AM |
| Updated: | Apr 16 2015 05:45PM |
| Credit: | Petter Urkedal |
| Vulnerable: |
FormEncode FormEncode 1.0 |
| Not Vulnerable: |
FormEncode FormEncode 1.0.1 |
Discussion
FormEncode 'chained_validators' Class Security Bypass Vulnerability
FormEncode is prone to a vulnerability that may allow attackers to bypass certain filters.
This issue affects FormEncode 1.0; other versions may also be affected.
FormEncode is prone to a vulnerability that may allow attackers to bypass certain filters.
This issue affects FormEncode 1.0; other versions may also be affected.
Exploit / POC
FormEncode 'chained_validators' Class Security Bypass Vulnerability
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
FormEncode 'chained_validators' Class Security Bypass Vulnerability
Solution:
The vendor has released a fix. Please see the references for more information.
Solution:
The vendor has released a fix. Please see the references for more information.
References
FormEncode 'chained_validators' Class Security Bypass Vulnerability
References:
References:
- [ 1925164 ] chained_validators don't run in 1.0 (FormEncode)
- FormEncode Homepage (FormEncode)