PT-2009-2382 · Zeeways · Zeeways Zeejobsite

Publicado

2009-08-07

Atualizado

2017-09-29

CVE-2008-6913

CVSS v2.0

6.5

Média

Vetor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Zeeways ZEEJOBSITE version 2.0

Description: The issue allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a photo in a profile edit action, then accessing the file via a direct request to "jobseekers/logos/".

Recommendations: For Zeeways ZEEJOBSITE version 2.0, consider restricting file uploads to only allow non-executable file extensions as a temporary workaround until a patch is available. Restrict access to the "jobseekers/logos/" directory to minimize the risk of exploitation. Avoid using the file upload feature in the profile edit action until the issue is resolved.

Exploit

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2008-6913

Produtos afetados

Zeeways Zeejobsite

PT-2009-2382 · Zeeways · Zeeways Zeejobsite

CVE-2008-6913

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5