ByteHoard index.php filepath Variable Arbitrary File Overwrite

2006-05-23T12:35:05
ID OSVDB:25782
Type osvdb
Reporter OSVDB
Modified 2006-05-23T12:35:05

Description

Solution Description

Upgrade to version 2.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

http://[target]/bytehoardpath/index.php?page=copy&filepath=/yourusername/yourfile&infolder=/targetusername/pathtotargetfile/

References:

Vendor URL: http://bytehoard.org/ Secunia Advisory ID:20304 Related OSVDB ID: 25783 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-05/0571.html FrSIRT Advisory: ADV-2006-2033 CVE-2006-2633 Bugtraq ID: 18139