Vana CMS 'filename' Parameter Remote File Download Vulnerability
BID:39415
Info
| Bugtraq ID: | 39415 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 13 2010 12:00AM |
| Updated: | Apr 13 2010 12:00AM |
| Credit: | Pouya Daneshmand |
| Vulnerable: | vanasoft Vana CMS 0 |
| Not Vulnerable: | |
Discussion
Vana CMS is prone to a vulnerability that lets attackers download arbitrary files. The issue occurs because the application fails to sufficiently sanitize user-supplied input.
Exploiting this issue will allow an attacker to view arbitrary files within the context of the application. Information harvested may aid in launching further attacks.
Exploit / POC
Attackers likely use the Vana CMS application and/or a web browser to exploit this issue.
The following example URI is available:
http://www.example.com/download.php?filename=File.php
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
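With no vendor patch listed, reviewing web server logs for abuse of the 'filename' parameter is one available check. The following is an added example, not code from Vana CMS or from the advisory: it assumes combined-format access logs and a hypothetical allowlist of document extensions, and it generalizes beyond the File.php case above to any value that is not a bare, allowlisted file name.

```python
import re
from pathlib import PurePosixPath
from urllib.parse import urlsplit, parse_qs

# Assumptions (not from the advisory): combined-format access logs, and a
# download directory that should only ever serve these document types.
ALLOWED_EXT = {".pdf", ".zip", ".jpg", ".png", ".doc"}
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')

def classify(filename):
    """Return a reason string if the requested name is suspicious, else None."""
    # Treat backslashes as separators too; parse_qs already percent-decoded.
    name = filename.replace("\\", "/")
    if "\x00" in name:
        return "null byte"
    path = PurePosixPath(name)
    if path.is_absolute() or ".." in path.parts:
        return "path escapes download directory"
    if len(path.parts) != 1:
        return "not a bare file name"
    if path.suffix.lower() not in ALLOWED_EXT:
        return "extension not on allowlist"
    return None

def scan(lines):
    """Yield (client, filename, reason) for suspicious download.php requests."""
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/download.php"):
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get("filename", []):
            reason = classify(value)
            if reason:
                yield client, value, reason

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [13/Apr/2010:10:00:00 +0000] "GET /download.php?filename=brochure.pdf HTTP/1.1" 200 5120',
    '192.0.2.44 - - [13/Apr/2010:10:01:07 +0000] "GET /download.php?filename=File.php HTTP/1.1" 200 812',
    '192.0.2.44 - - [13/Apr/2010:10:01:09 +0000] "GET /download.php?filename=..%2Fnotes.txt HTTP/1.1" 200 640',
    '192.0.2.10 - - [13/Apr/2010:10:02:00 +0000] "GET /index.php?page=home HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

The same `classify` logic, applied in the download handler before the file is opened, is the server-side form of this check.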