PT-2013-5757 · Metaclassy · Byword
Published
2013-10-01
·
Updated
2013-10-08
·
CVE-2013-5725
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Metaclassy Byword app versions 2.0 through 2.1
Description
The issue allows remote attackers to overwrite arbitrary files. This is achieved via the
name and text parameters in a "byword://replace" URL, as the app does not require confirmation of Replace file actions.Recommendations
For Metaclassy Byword app versions 2.0 through 2.1, update to version 2.1 or later to resolve the issue.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Byword