PT-2008-4595 · Webxell · Webxell Editor

Cwh Underground

Publicado

2008-07-15

Atualizado

2017-09-29

CVE-2008-3178

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: WebXell Editor version 0.1.3

Description: The issue allows remote attackers to execute arbitrary code by uploading a .php file with a jpeg content type to the upload pictures.php file, and then accessing it via a direct request to the file in the upload/ directory.

Recommendations: For WebXell Editor version 0.1.3, restrict access to the upload pictures.php file to prevent unauthorized file uploads, and consider validating the file type and content before allowing uploads to mitigate the risk of code execution.

Exploit

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2008-3178

Produtos afetados

Webxell Editor

PT-2008-4595 · Webxell · Webxell Editor

CVE-2008-3178

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7