Full Disclosure mailing list archives
Amiro CMS<=5.4.4 PHP injection
From: Владимир Воронцов <vladimir.vorontsov () onsec ru>
Date: Fri, 23 Apr 2010 10:30:12 +0400
[ONSEC-09-026] Amiro CMS PHP inj [CVE number requested] Objective: Amiro CMS <= 5.4.4 Type: PHP injection Threat: Medium Discovery date: 29.12.2009 Date of notification Developer: 29.12.2009 Released correction: 03/05/2010 Author: Vladimir Vorontsov OnSec Russian Security Group (onsec [dot] ru) Description: A vulnerability opens the way to overwrite and create arbitrary files on the target system. An attacker can affect the data falling into the file by changing some parameters in the administrative console. Also, due to lack of filtration attacker can specify an arbitrary file name and path, using the relative definition. The most dangerous is the creation of an executable file interpreter, which leads to the execution of arbitrary commands. For operation, a user account access to the module "Data Sharing" in the administrative console. The vulnerability exists due to lack of filtration in the name and file type in the module "Data Sharing". original at russian: http://onsec.ru/vuln?id=21 -- Best regards, Vladimir Vorontsov ONsec security expert _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Amiro CMS<=5.4.4 PHP injection Владимир Воронцов (Apr 22)