[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

PolyPager 1.0rc10 (fckeditor) File Upload Security Issue

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: PolyPager 1.0rc10 (fckeditor) File Upload Security Issue
From: eidelweiss@xxxxxxxxxxxxxxxxx
Date: 12 May 2010 19:02:33 -0000

PolyPager 1.0rc10 (fckeditor) Remote Arbitrary File Upload Vulnerability


Impact  Security Bypass
Where From remote
Software PolyPager 1.0rc10

Description
A security issue has been discovered in PolyPager, which can be exploited by 
malicious people to bypass certain security restrictions.

Access to the enabled FCKeditor component is not properly restricted, which can 
be exploited to e.g upload files of certain types.

The security issue is confirmed in version 1.0rc10 Other versions may also be 
affected.

Solution
Restrict access to the plugins/fckeditor/editor/filemanager/connectors/ 
directory (e.g. via .htaccess)

Prev by Date: Secunia Research: Adobe Shockwave Player Signedness Error Vulnerability
Next by Date: Secunia Research: Adobe Shockwave Player Array Indexing Vulnerability
Previous by thread: Secunia Research: Adobe Shockwave Player Signedness Error Vulnerability
Next by thread: Secunia Research: Adobe Shockwave Player Array Indexing Vulnerability
Index(es):
- Date
- Thread