Full Disclosure mailing list archives
GAT-Ship Web Module [All versions before 1.40] - Unrestricted File Upload
From: <gionreale () tutanota com>
Date: Tue, 9 Apr 2019 09:01:51 +0200 (CEST)
GAT-Ship Web Module before the current version (1.40) suffers from a vulnerability allowing authenticated attackers to upload any file type to the server via the "Documents" area. This vulnerability is related to "uploadDocFile.aspx" Fix: Upgrade to 1.40
Discovered and reported by Gionathan Reale
_______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Uniqkey Password Manager 1.14 - Remote Credential Disclosure gionreale (Apr 04)
- Uniqkey Password Manager 1.14 - Remote Denial Of Service [CVE-2019-10845] gionreale (Apr 05)
- GAT-Ship Web Module [All versions before 1.40] - Unrestricted File Upload gionreale (Apr 09)
- Uniqkey Password Manager 1.14 - Remote Denial Of Service [CVE-2019-10845] gionreale (Apr 05)