CVE-2009-1314

Name of the Vulnerable Software and Affected Versions Web File Explorer version 3.1

Description The issue allows remote attackers to create arbitrary files and execute arbitrary code. This is achieved by using the savefile action with a file parameter containing a filename that has an executable extension in the body.asp file.

Recommendations For Web File Explorer version 3.1, consider restricting access to the body.asp file to prevent remote attackers from creating and executing arbitrary files. As a temporary workaround, restrict the savefile action to prevent the creation of files with executable extensions until a patch is available.