SocialEngine Music Sharing Plugin Arbitrary File Upload Vulnerability
Release Date : 2010-12-28
Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch
Software: SocialEngine Music Sharing Plugin 4.x
Description:
A vulnerability has been discovered in SocialEngine Music Sharing Plugin, which can be exploited by malicious users to compromise a vulnerable system.
The vulnerability is caused by the application not properly validating uploaded files during music uploads. This can be exploited to upload malicious PHP scripts to the web server.
Successful exploitation requires access to the SocialEngine Music Sharing Plugin.
The vulnerability is confirmed in version 4.0.4. Prior versions may also be affected.
Solution:
Update to SocialEngine Music Sharing Plugin version 4.0.5p2.
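The missing check named in the description, as an added example (not SocialEngine's code and not taken from the vendor patch): a server-side validation routine for a music upload handler. The function name `store_music_upload`, the allow-list contents and the storage directory are assumptions made for illustration.

```php
<?php
// Added example: hypothetical upload handler, not SocialEngine code.
// Allow-list of audio extensions and the content types accepted for each
// (assumed values; adjust to the formats the site really supports).
const ALLOWED_AUDIO = [
    'mp3' => ['audio/mpeg'],
    'm4a' => ['audio/mp4', 'audio/x-m4a', 'video/mp4'],
    'wav' => ['audio/wav', 'audio/x-wav'],
];

function store_music_upload(array $file, string $storageDir): string
{
    // Reject failed uploads and paths that did not come from an HTTP upload.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed');
    }

    // Only the final extension counts, and it must be on the allow-list.
    // "song.php" and "song.mp3.php" are both rejected here.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED_AUDIO[$ext])) {
        throw new RuntimeException('Extension not allowed');
    }

    // Sniff the type from the file content; $file['type'] is client-supplied.
    // Sniffing can be fooled by polyglot files, so it is a second check,
    // not a replacement for the extension allow-list.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!in_array($mime, ALLOWED_AUDIO[$ext], true)) {
        throw new RuntimeException('Content is not an allowed audio type');
    }

    // Store under a server-generated name so the client controls neither
    // the path nor the extension of the stored file.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = rtrim($storageDir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store upload');
    }
    chmod($dest, 0640);

    return $name;
}
```

The storage directory should sit outside the document root, or in a location where the web server is configured not to execute PHP, so that a file that slips past validation is still served as data only.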
Provided and/or discovered by:
MyDoom
Original Advisory:
SocialEngine: