| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <333ee494e7d720066995a3ef757db525@mail.ankalagon.ru> Date: Fri, 23 Apr 2010 10:30:12 +0400 From: Владимир Воронцов <vladimir.vorontsov@...ec.ru> To: Cve <cve@...re.org>, Full disclosure <full-disclosure@...ts.grok.org.uk> Subject: Amiro CMS<=5.4.4 PHP injection [ONSEC-09-026] Amiro CMS PHP inj [CVE number requested] Objective: Amiro CMS <= 5.4.4 Type: PHP injection Threat: Medium Discovery date: 29.12.2009 Date of notification Developer: 29.12.2009 Released correction: 03/05/2010 Author: Vladimir Vorontsov OnSec Russian Security Group (onsec [dot] ru) Description: A vulnerability opens the way to overwrite and create arbitrary files on the target system. An attacker can affect the data falling into the file by changing some parameters in the administrative console. Also, due to lack of filtration attacker can specify an arbitrary file name and path, using the relative definition. The most dangerous is the creation of an executable file interpreter, which leads to the execution of arbitrary commands. For operation, a user account access to the module "Data Sharing" in the administrative console. The vulnerability exists due to lack of filtration in the name and file type in the module "Data Sharing". original at russian: http://onsec.ru/vuln?id=21 -- Best regards, Vladimir Vorontsov ONsec security expert _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists