PT-2009-2562 · Unica · Unica Affinium Campaign

Published

2009-08-26

Updated

2017-08-17

CVE-2008-7093

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Unica Affinium Campaign version 7.2.1.0.55

Description The issue allows remote attackers to perform directory traversal attacks. This can be achieved in two ways: (1) by creating arbitrary directories or files using a .. (dot dot) in the folder name in the new folder functionality, or (2) by listing arbitrary files via a crafted request to "Campaign/CampaignListener".

Recommendations For Unica Affinium Campaign version 7.2.1.0.55, consider restricting access to the new folder functionality and limiting the ability to send crafted requests to "Campaign/CampaignListener" until a patch is available. As a temporary workaround, restrict the use of the .. (dot dot) sequence in folder names to prevent directory traversal.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2008-7093

Affected Products

Unica Affinium Campaign

PT-2009-2562 · Unica · Unica Affinium Campaign

CVE-2008-7093

Weakness Enumeration

Related Identifiers

Affected Products

References · 9