PT-2008-2105 · Web Wiz · Web Wiz Rich Text Editor
Published
2008-01-29
·
Updated
2018-10-15
·
CVE-2008-0473
CVSS v2.0
6.4
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Web Wiz Rich Text Editor version 4.0
Description
The issue allows remote attackers to upload certain file types. Specifically, it enables the upload of
.html and .htm files via unspecified vectors.Recommendations
For Web Wiz Rich Text Editor version 4.0, consider restricting or disabling the upload functionality in the RTE popup save file.asp file until a patch is available. Additionally, restrict access to the file types
.html and .htm to minimize the risk of exploitation.Exploit
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Web Wiz Rich Text Editor