Contenido Multiple Unspecified Remote File Include Vulnerabilities
BID:30588
Info
Contenido Multiple Unspecified Remote File Include Vulnerabilities
| Bugtraq ID: | 30588 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 07 2008 12:00AM |
| Updated: | Aug 07 2008 05:46PM |
| Credit: | The vendor disclosed these issues. |
| Vulnerable: |
Contenido Contenido 4.8.6 Contenido Contenido 4.8.4 Contenido Contenido 4.6.4 Contenido Contenido 4.6.1 Contenido Contenido 4.6 |
| Not Vulnerable: |
Contenido Contenido 4.8.7 |
Discussion
Contenido Multiple Unspecified Remote File Include Vulnerabilities
Contenido is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues may allow an attacker to compromise the application and the underlying computer; other attacks are also possible.
Versions prior to Contenido 4.8.7 are vulnerable.
Contenido is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues may allow an attacker to compromise the application and the underlying computer; other attacks are also possible.
Versions prior to Contenido 4.8.7 are vulnerable.
Exploit / POC
Contenido Multiple Unspecified Remote File Include Vulnerabilities
An attacker can exploit these issues via a browser.
An attacker can exploit these issues via a browser.
Solution / Fix
Contenido Multiple Unspecified Remote File Include Vulnerabilities
Solution:
The vendor released Contenido 4.8.7 to address these issues. Please see the references for more information.
Contenido Contenido 4.6
Contenido Contenido 4.6.1
Contenido Contenido 4.6.4
Contenido Contenido 4.8.4
Contenido Contenido 4.8.6
Solution:
The vendor released Contenido 4.8.7 to address these issues. Please see the references for more information.
Contenido Contenido 4.6
-
Contenido Contenido_4.8.7.zip
http://www.contenido.org/en/upload/versionen/Contenido_4.8.7.zip
Contenido Contenido 4.6.1
-
Contenido Contenido_4.8.7.zip
http://www.contenido.org/en/upload/versionen/Contenido_4.8.7.zip
Contenido Contenido 4.6.4
-
Contenido Contenido_4.8.7.zip
http://www.contenido.org/en/upload/versionen/Contenido_4.8.7.zip
Contenido Contenido 4.8.4
-
Contenido Contenido_4.8.7.zip
http://www.contenido.org/en/upload/versionen/Contenido_4.8.7.zip
Contenido Contenido 4.8.6
-
Contenido Contenido_4.8.7.zip
http://www.contenido.org/en/upload/versionen/Contenido_4.8.7.zip
References
Contenido Multiple Unspecified Remote File Include Vulnerabilities
References:
References:
- Contenido 4.8.7 erschienen (Contenido)
- Vendor Homepage (Contenido)