[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] GAT-Ship Web Module [All versions before 1.40] - Unrestricted File Upload

To: Fulldisclosure <fulldisclosure@xxxxxxxxxxxx>
Subject: [FD] GAT-Ship Web Module [All versions before 1.40] - Unrestricted File Upload
From: <gionreale@xxxxxxxxxxxx>
Date: Tue, 9 Apr 2019 09:01:51 +0200 (CEST)

GAT-Ship Web Module before the current version (1.40) suffers from a 
vulnerability allowing authenticated attackers to upload any file type to the 
server via the "Documents" area. This vulnerability is related to 
"uploadDocFile.aspx"


Fix:
Upgrade to 1.40



> Discovered and reported by Gionathan Reale
>


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Follow-Ups:
- Re: [FD] GAT-Ship Web Module [All versions before 1.40] - Unrestricted File Upload
  - From: gionreale

References:
- [FD] Uniqkey Password Manager 1.14 - Remote Credential Disclosure
  - From: gionreale
- [FD] Uniqkey Password Manager 1.14 - Remote Denial Of Service [CVE-2019-10845]
  - From: gionreale

Prev by Date: [FD] EasyIO 30P: CVE-2018-15820 (Stored XSS) and CVE-2018-15819 (Authentication bypass)
Next by Date: [FD] CALL FOR PAPERS - Hackers 2 Hackers Conference 16th edition
Previous by thread: [FD] Uniqkey Password Manager 1.14 - Remote Denial Of Service [CVE-2019-10845]
Next by thread: Re: [FD] GAT-Ship Web Module [All versions before 1.40] - Unrestricted File Upload
Index(es):
- Date
- Thread