Portaneo Open Source Homepage 'fckeditor' Arbitrary File Upload Vulnerability
BID:39764
Info
| Bugtraq ID: | 39764 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 28 2010 12:00AM |
| Updated: | Apr 28 2010 12:00AM |
| Credit: | eidelweiss |
| Vulnerable: | Portaneo Open Source Homepage 2.2.3 |
| Not Vulnerable: | |
Discussion
Portaneo Open Source Homepage is prone to a vulnerability that lets remote attackers upload and execute arbitrary script code on an affected computer with the privileges of the webserver process. The issue occurs because the application fails to validate upload permissions.
Portaneo Open Source Homepage 2.2.3 is vulnerable; other versions may also be affected.
Exploit / POC
Attackers can exploit this issue via a web browser.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].