Secunia Advisory: | SA28154 | |
Release Date: | 2007-12-19 | |
Critical: | Moderately critical | |
Impact: | System access | |
Where: | From remote | |
Solution Status: | Unpatched | |
Software: | Dokeos 1.x | |
This advisory is currently marked as unpatched! - Companies can be alerted when a patch is released! |
A vulnerability has been discovered in Dokeos, which can be exploited by malicious users to compromise a vulnerable system.
The vulnerability is caused due to an error in the handling of file uploads to "My productions" under "My profile", if a filename has multiple file extensions (e.g. "file.php.1"). This can be exploited to upload and execute arbitrary PHP code.
Successful exploitation requires valid user credentials and an certain server configuration (e.g. an Apache server with the "mod_mime" module installed).
The vulnerability is confirmed in version 1.8.4. Other versions may also be affected.
Solution:
Grant only trusted users access to the application.
Restrict access to the "main/upload/users/" directory (e.g. with ".htaccess"). This will however break the download functionality.
Provided and/or discovered by:
RoMaNcYxHaCkEr and an anonymous person
Original Advisory:
http://milw0rm.com/exploits/4753
資料來源 http://secunia.com/advisories/28154/
全站熱搜
留言列表