iFolder+ Local File Include and Arbitrary File Upload Vulnerabilities
BID:68993
Info
iFolder+ Local File Include and Arbitrary File Upload Vulnerabilities
| Bugtraq ID: | 68993 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 31 2014 12:00AM |
| Updated: | Jul 31 2014 12:00AM |
| Credit: | Benjamin Kunz Mejri |
| Vulnerable: |
TigerCom iFolder+ 1.2 |
| Not Vulnerable: | |
Discussion
iFolder+ Local File Include and Arbitrary File Upload Vulnerabilities
iFolder+ is prone to a local file-include vulnerability and an arbitrary file-upload vulnerability.
An attacker can exploit these issues to upload arbitrary files onto the web server, execute arbitrary local files within the context of the web server, and obtain sensitive information.
iFolder+ 1.2 is vulnerable; other versions may also be affected.
iFolder+ is prone to a local file-include vulnerability and an arbitrary file-upload vulnerability.
An attacker can exploit these issues to upload arbitrary files onto the web server, execute arbitrary local files within the context of the web server, and obtain sensitive information.
iFolder+ 1.2 is vulnerable; other versions may also be affected.
Solution / Fix
iFolder+ Local File Include and Arbitrary File Upload Vulnerabilities
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].