JVN#24336273: BloBee vulnerable to arbitrary file creation

BloBee provided by CGI RESCUE is a bulletin board software. BloBee contains a vulnerability that may allow a remote attacker to create arbitrary files (CWE-20).

Impact

An arbitrary file created by an attacker may result in arbitrary code being executed on the server.

Solution

Update the Software
Update to the latest version according to the information provided by the developer.

Products Affected

• BloBee v1.20 and earlier