Unrestricted file upload vulnerability in the File Manager in the admin panel in Twentyone Degrees Symphony 1.7.01 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension to a directory specified in the destination parameter, then accessing the uploaded file via a direct request, as demonstrated using workspace/masters/.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2008-08-11 23:41
Updated : 2024-02-04 17:33
NVD link : CVE-2008-3592
Mitre link : CVE-2008-3592
CVE.ORG link : CVE-2008-3592
JSON object : View
Products Affected
21degrees
- symphony
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')