PolyPager 1.0rc10 (fckeditor) File Upload Security Issue




PolyPager 1.0rc10 (fckeditor) Remote Arbitrary File Upload Vulnerability

Impact:   Security Bypass
Where:    From remote
Software: PolyPager 1.0rc10

Description
A security issue has been discovered in PolyPager, which can be exploited by malicious people to bypass certain security restrictions.

Access to the enabled FCKeditor component is not properly restricted, which can be exploited to e.g. upload files of certain types.

The security issue is confirmed in version 1.0rc10. Other versions may also be affected.

Solution
Restrict access to the plugins/fckeditor/editor/filemanager/connectors/ directory (e.g. via .htaccess).
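
One way to apply the restriction above on Apache httpd, as an added example that is not part of the original advisory. It assumes the file is saved as .htaccess inside the connectors/ directory named in the Solution and that the server's AllowOverride setting permits these directives; the IP address in the comment is a constructed documentation address.

```apache
# .htaccess placed in plugins/fckeditor/editor/filemanager/connectors/
# (path taken from the advisory, relative to the PolyPager install root)

# Apache 2.4 and later: mod_authz_core provides the "Require" directive.
<IfModule mod_authz_core.c>
    # Deny every request to the connector scripts.
    Require all denied
    # If trusted editors still need the file manager, replace the line
    # above with an allow-list, for example:
    #   Require ip 192.0.2.10
</IfModule>

# Apache 2.2: mod_authz_core is absent, so use the older Order/Deny syntax.
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
</IfModule>
```

After deploying, a request for any file under the connectors/ directory should return 403 Forbidden. If it does not, .htaccess overrides are probably disabled and the same rule belongs in the main server configuration instead.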
