[VIM] 22793: CRE Loaded files.php Unauthenticated Arbitrary File Upload (fwd)

security curmudgeon jericho at attrition.org
Thu Feb 9 02:40:13 EST 2006


I have updated OSVDB 22793 to reflect all of this.

---------- Forwarded message ----------
From: David M. Graham
To: security curmudgeon <jericho at attrition.org>
Cc: moderators at osvdb.org
Date: Sat, 04 Feb 2006 10:16:21 -0600
Subject: Re: [OSVDB Mods] [Change Request] 22793: CRE Loaded files.php
     Unauthenticated Arbitrary File Upload

Brian,

HTMLarea is a product of dynarch.com and interactivetools.com. It is 
available under a BSD type license and is widely used in Open Source web 
projects.

http://www.dynarch.com/projects/htmlarea/ is the product page, and should 
give more information.
Various releases of CRE Loaded have used both HTMLArea 1.7 and 2.03. HTMLArea 
is now nearing release 3.x, with 3.0 rc2 being available at the time of this 
writing. I do not know if 3.x will address this issue. Generally it appears 
that security is left to the integrator, and we apparently missed 4 files.

Regards,

David

security curmudgeon wrote:
> : 6.02 Beta, 6.042 (all patch levels), 6.1, and 6.15.
> :
> : The forthcoming 6.2 release does not use HTMLarea and does not include
> : this vulnerability.
> 
> Excellent, I will mention that 6.2 is a viable upgrade to fix the issue as 
> well.
> 
> : Further, it is important to note that this issue may affect not only CRE
> : Loaded osCommerce, but any osCommerce variant which uses HTMLArea with
> : or without the Admin Access with Levels contribution.
> 
> Is HTMLArea a separate 'product' (freeware maybe?) that is incorporated into 
> CRE Loaded? If so, do you have more info on that product, as our listing 
> would be changed to reflect that as the vulnerability, and CRE Loaded 
> affected.
> 
> Brian
>
>
