File Manager HTML Injection and Local File Include Vulnerabilities
BID:58313
Info
| Bugtraq ID: | 58313 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 23 2013 12:00AM |
| Updated: | Feb 23 2013 12:00AM |
| Credit: | Benjamin Kunz Mejri |
| Vulnerable: | Ralf Hollax File Manager 1.2 |
| Not Vulnerable: | |
Discussion
File Manager is prone to an HTML-injection vulnerability and a local file-include vulnerability.
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, and will allow an attacker to steal cookie-based authentication credentials and to open or run arbitrary files in the context of the web server process. Other attacks are also possible.
File Manager 1.2 is vulnerable; other versions may also be affected.
Solution / Fix
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- Remote File Manager v1.2 iOS - Multiple Web Vulnerabilities (Vulnerability Lab)
- File Manager Homepage (Ralf Hollax)