webEdition 'file' Parameter Directory Traversal Vulnerability

Bugtraq ID:	69883
Class:	Input Validation Error
CVE:	CVE-2014-5258
Remote:	Yes
Local:	No
Published:	Aug 06 2014 12:00AM
Updated:	Aug 06 2014 12:00AM
Credit:	High-Tech Bridge Security Research Lab
Vulnerable:	Webedition Webedition Cms 6.3.8.0
Not Vulnerable:	Webedition Webedition Cms 6.3.9 Beta

webEdition 'file' Parameter Directory Traversal Vulnerability

webEdition is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.

Remote attackers can use a specially crafted request with directory-traversal sequences ('../') to retrieve arbitrary files in the context of the application. Information obtained could aid in further attacks.

webEdition 6.3.8.0 is vulnerable; other versions may also be affected.

webEdition 'file' Parameter Directory Traversal Vulnerability

Attackers can exploit this issue through a browser.

The following example data is available:

www.example.com/webEdition/showTempFile.php?file=../../../../etc/passwd

webEdition 'file' Parameter Directory Traversal Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.