RCBlog Admin File Upload System Access

2006-01-19T08:02:34
ID OSVDB:22681
Type osvdb
Reporter Aliaksandr Hartsuyeu (alex@evuln.com)
Modified 2006-01-19T08:02:34

Description

Vulnerability Description

RCBlog contains a flaw that may allow an administrator to gain increased privileges on the remote system. An account granted the permission and privilege to administer the blog may also be able to upload arbitrary files containing system commands that can be executed outside the context of the blog.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

References:

Vendor URL: http://www.fluffington.com/
Security Tracker: 1015523
Secunia Advisory ID: 18547
Related OSVDB ID: 22679
Related OSVDB ID: 22680
Other Advisory URL: http://evuln.com/vulns/42/summary.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-01/0370.html
Keyword: EV0042