[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE Request: WebsiteBaker 2.8.1 <= Arbitrary
From: Josh Bressers <bressers () redhat ! com>
Date: 2011-08-19 19:08:51
Message-ID: 1383647632.141993.1313780931833.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
[Download RAW message or body]
Please use CVE-2011-2933
Thanks.
--
JB
----- Original Message -----
> 1. OVERVIEW
>
> WebsiteBaker 2.8.1 and lower versions are vulnerable to Arbitrary File
> Upload.
>
>
> 2. BACKGROUND
>
> WebsiteBaker helps you to create the website you want: A free, easy
> and secure, flexible and extensible open source content management
> system (CMS). Create new templates within minutes - powered by
> (X)HTML, CSS and jQuery. With WebsiteBaker it's quite natural your
> site is W3C-valid, SEO-friendly and accessible - there are no
> limitations at all.
>
>
> 3. VULNERABILITY DESCRIPTION
>
> WebsiteBaker 2.8.1 and lower versions contain a flaw related to the
> /admin/media/upload.php script failing to restrict uploaded files with
> extensions - .htaccess, .php4, .php5, .phtml. This may allow an
> attacker to execute arbitrary PHP code. User account to WebsiteBaker
> admin backend is required. Attacker could gain access it by way of
> either brute force or CSRFing to currently-logged in admin users.
>
>
> 4. VERSIONS AFFECTED
>
> 2.8.1 <=
>
>
> 5. SOLUTION
>
> Upgrade to 2.8.2 or higher
>
>
> 6. VENDOR
>
> WebsiteBaker Org e. V.
> http://www.websitebaker2.org/
>
>
> 7. CREDIT
>
> This vulnerability was discovered by Aung Khant, http://yehg.net, YGN
> Ethical Hacker Group, Myanmar.
>
>
> 8. DISCLOSURE TIME-LINE
>
> 2011-01-26: notified vendor
> 2011-08-01: vendor released fix
> 2011-08-13: vulnerability disclosed
>
>
> 9. REFERENCES
>
> Original Advisory URL:
> http://yehg.net/lab/pr0js/advisories/[websitebaker-2.8.1]_arbitrary_file_upload
> http://www.gnucitizen.org/blog/cross-site-file-upload-attacks/
>
>
> #yehg [2011-08-13]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic