Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.0
CVE Id CVE-2002-1460
Last Modified 05 Sep 2008 04:30:39
Published 09 Jun 2003 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-1460

Summary

L-Forum 2.40 and earlier does not properly verify whether a file was actually uploaded or whether the associated variables (attachment, attachment_name, attachment_size and attachment_type) were set by POST, which allows remote attackers to read arbitrary files.

Vulnerable Systems

Application

  • Leszek Krupinski L-forum 2.4.0


References

BID - 5463

XF - lforum-upload-read-files(9839)

CONFIRM - http://sourceforge.net/tracker/index.php?func=detail&aid=579278&group_id=53716&atid=471343

CONFIRM - http://sourceforge.net/tracker/download.php?group_id=53716&atid=471343&file_id=26687&aid=579278

BUGTRAQ - 20020813 L-Forum XSS and upload spoofing


Last Updated: 27 May 2016 10:37:20