Oxwall '/admin/settings/user' Multiple Arbitrary PHP Code Execution Vulnerabilities
BID:68937
Info
| Bugtraq ID: | 68937 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 28 2014 12:00AM |
| Updated: | Aug 01 2014 12:01AM |
| Credit: | Gjoko Krstic |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
Oxwall is prone to multiple arbitrary PHP code-execution vulnerabilities because it fails to properly verify uploaded files.
An attacker can exploit these issues to execute arbitrary PHP code within the context of the web server.
Oxwall 1.7.0 is vulnerable; other versions may also be affected.
Exploit / POC
An attacker can exploit these issues using a web browser.
The following exploit code is available:
Solution / Fix
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- Oxwall Homepage (Oxwall)