PT-2009-3855 · Unknown · Web File Explorer

Giovanni Buzzin

Published

2009-04-17

Updated

2017-09-29

CVE-2009-1323

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Web File Explorer version 3.1

Description A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved by manipulating the id parameter in the "body.asp" file.

Recommendations For Web File Explorer version 3.1, avoid using the id parameter in the body.asp file until a fix is available. Consider restricting access to the body.asp file to minimize the risk of exploitation.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2009-1323

Affected Products

Web File Explorer

PT-2009-3855 · Unknown · Web File Explorer

CVE-2009-1323

Weakness Enumeration

Related Identifiers

Affected Products

References · 5