Info |
Last Modified |
| 4 months ago |
|
Description |
HTMLArea contains a flaw that may allow a malicious user to execute arbitrary commands. The '/admin/htmlarea/popups/file/files.php' script is accessible without authentication, allowing a remote attacker to use this script to upload malicious PHP files and execute arbitrary code on the system.
|
|
Classification |
Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Unknown
Exploit: Exploit Available
Disclosure: OSVDB Verified
OSVDB: Web Related
|
|
Technical |
HTMLArea is a BSD-style licensed project that is used in several open source projects. Other software packages that include it may be vulnerable as well.
|
|
Solution |
Currently, there are no known upgrades, patches, or workarounds available to correct this issue in HTMLArea itself.
For CRE Loaded osCommerce, upgrade to version 6.2 or higher, as it has been reported to fix this vulnerability. In addition, Chain Reaction Works, Inc. has released a patch for some older versions.
|
|
Products |
CRE Loaded osCommerce: 6.15, 6.02 Beta, 6.042, 6.1
HTMLArea: 1.7, 2.03