iTop 2.2.0 Arbitrary File Upload

2015.12.05
Credit: Joel V
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-264

Team,

#Date: 04/12/2015
#Discovered by: Joel Vadodil Varghese
#Type of vulnerability: Arbitrary File Upload
#Tested on: Windows 8.1
#Product: iTop
#Version: 2.2.0
#Description: iTop 2.2.0 is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input. An attacker can exploit this issue to upload arbitrary code and run it in the context of the web server process; other attacks are also possible.

Notified Vendor: November 04, 2015
No Response from Vendor as on date
Public Disclosure: December 04, 2015

Reference: http://sourceforge.net/p/itop/tickets/1168/

Thanks,
Joel V

