Native Solutions TBE Banner Engine Server Side Script Execution Vulnerability
BID:9472
Info
Native Solutions TBE Banner Engine Server Side Script Execution Vulnerability
| Bugtraq ID: | 9472 |
| Class: | Input Validation Error |
| CVE: |
CVE-2004-2098 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 22 2004 12:00AM |
| Updated: | Jul 12 2009 02:06AM |
| Credit: | The disclosure of this issue has been credited to Ed J. Aivazian <[email protected]>. |
| Vulnerable: |
Native Solutions TBE Banner Engine 5.0 Native Solutions TBE Banner Engine 4.0 |
| Not Vulnerable: | |
Discussion
Native Solutions TBE Banner Engine Server Side Script Execution Vulnerability
It has been reported that TBE Banner Engine may be prone a server side script execution vulnerability. Due to improper sanitization of user-supplied data, an attacker may be able to pass malicious PHP script code via to the file the banner is stored in. It may also be possible to embed code from other server-side scripting languages that are supported by the underlying server, such as Server Side Includes. When the banner is viewed, the attacker-supplied code will be interpreted.
TBE Banner Engine versions 4.0 and 5.0 may be prone to this vulnerability.
It has been reported that TBE Banner Engine may be prone a server side script execution vulnerability. Due to improper sanitization of user-supplied data, an attacker may be able to pass malicious PHP script code via to the file the banner is stored in. It may also be possible to embed code from other server-side scripting languages that are supported by the underlying server, such as Server Side Includes. When the banner is viewed, the attacker-supplied code will be interpreted.
TBE Banner Engine versions 4.0 and 5.0 may be prone to this vulnerability.
Exploit / POC
Native Solutions TBE Banner Engine Server Side Script Execution Vulnerability
No exploit is required.
No exploit is required.
Solution / Fix
Native Solutions TBE Banner Engine Server Side Script Execution Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Native Solutions TBE Banner Engine Server Side Script Execution Vulnerability
References:
References:
- Home page (Native Solutions)
- TBE - the banner engine server-side script execution vulnerability ("Ed J. Aivazian"
)