Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 8.5
CVE Id: CVE-2008-3592
Last Modified: 29 Jan 2009 01:53:55
Published: 11 Aug 2008 07:41:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE_INSTANCE

CVE-2008-3592

Summary

Unrestricted file upload vulnerability in the File Manager in the admin panel in Twentyone Degrees Symphony 1.7.01 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension to a directory specified in the destination parameter, then accessing the uploaded file via a direct request, as demonstrated using workspace/masters/.

Vulnerable Systems

Application

  • 21degrees Symphony 1.1

  • 21degrees Symphony 1.5

  • 21degrees Symphony 1.5.05

  • 21degrees Symphony 1.5.06

  • 21degrees Symphony 1.6.02

  • 21degrees Symphony 1.7

  • 21degrees Symphony 1.7.01


References

SECUNIA - 31293

CONFIRM - http://overture21.com/forum/comments.php?DiscussionID=1823

XF - symphony-file-upload(44432)

MILW0RM - 6177

SREASON - 4137


Last Updated: 27 May 2016 10:48:14