Full Disclosure mailing list archives

GAT-Ship Web Module [All versions before 1.40] - Unrestricted File Upload

From: <gionreale () tutanota com>
Date: Tue, 9 Apr 2019 09:01:51 +0200 (CEST)


GAT-Ship Web Module before the current version (1.40) suffers from a vulnerability allowing authenticated attackers to 
upload any file type to the server via the "Documents" area. This vulnerability is related to "uploadDocFile.aspx"


Fix:
Upgrade to 1.40

Discovered and reported by Gionathan Reale



_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Current thread:

Uniqkey Password Manager 1.14 - Remote Credential Disclosure gionreale (Apr 04)
- Uniqkey Password Manager 1.14 - Remote Denial Of Service [CVE-2019-10845] gionreale (Apr 05)
  - GAT-Ship Web Module [All versions before 1.40] - Unrestricted File Upload gionreale (Apr 09)
    - Re: GAT-Ship Web Module [All versions before 1.40] - Unrestricted File Upload gionreale (Apr 26)