MyReview Remote Information Disclosure Vulnerability
BID:30326
Info
MyReview Remote Information Disclosure Vulnerability
| Bugtraq ID: | 30326 |
| Class: | Access Validation Error |
| CVE: |
CVE-2008-3671 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 21 2008 12:00AM |
| Updated: | Jul 22 2008 08:48PM |
| Credit: | Julien A. Thomas |
| Vulnerable: |
The MyReview System MyReview 1.9.9 |
| Not Vulnerable: | |
Discussion
MyReview Remote Information Disclosure Vulnerability
MyReview is prone to a remote information-disclosure vulnerability because it fails to properly secure submitted content.
Exploiting this issue will allow attackers to view arbitrary files within the context of the webserver. Information harvested may aid in further attacks.
MyReview 1.9.9 is affected; other versions may also be affected.
MyReview is prone to a remote information-disclosure vulnerability because it fails to properly secure submitted content.
Exploiting this issue will allow attackers to view arbitrary files within the context of the webserver. Information harvested may aid in further attacks.
MyReview 1.9.9 is affected; other versions may also be affected.
Exploit / POC
MyReview Remote Information Disclosure Vulnerability
Attackers can exploit this issue via a browser.
Attackers can exploit this issue via a browser.
Solution / Fix
MyReview Remote Information Disclosure Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
MyReview Remote Information Disclosure Vulnerability
References:
References:
- MyReview Home Page (The MyReview System)
- Vulnerability CVE-2008-3671 - MyReview's vulnerability in the access control sys ("Julien Thomas"