WebSPELL “picture.php” Information Leaking - Exabytes Security Portal

Categories

Applications (255)
Blogs (7)
Content Management (167)
Customer Relationship (4)
Discussion Boards (37)
E-Commerce (15)
General Purpose Directories (2)
Image Galleries (21)
Mailing Lists (1)
Tips (3)
Vulnerabilities (366)
Access Bypass (55)
Cross Site Scripting (138)
Denial Of Service (2)
File Inclusion (54)
Information Disclosure (15)
Privilege Escalation (2)
Remote Command Execution (17)
Session Hijacking (2)
SQL Injection (140)

WebSPELL “picture.php” Information Leaking

Published by CS Lee April 9th, 2007 in Access Bypass.

Application: WebSpell CMS
Version: 4.01.02 or earlier
Vendor’s URL: http://cms.webspell.org/
Bug Type: Information Leaking
Risk: Low

Criteria:
- register_globals must be enabled.
- PHP version prior to 4.3.0 must be used

Solution:
- Waiting for official patch or update
- Edit the source code to ensure the input is properly sanitized

0 Responses to “WebSPELL “picture.php” Information Leaking”

Feed for this Entry Trackback Address

No Comments

Leave a Reply

You must login to post a comment.

Search

Subscribe

Entries RSS

Latest