Bodington Arbitrary File Upload

2004-01-30T03:37:45
ID OSVDB:3770
Type osvdb
Reporter OSVDB
Modified 2004-01-30T03:37:45

Description

Vulnerability Description

Bodington contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered because the upload area is not properly secured in all configurations, which will disclose file information resulting in a loss of confidentiality.

Solution Description

Upgrade to version 2.10RC4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Bodington contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered because the upload area is not properly secured in all configurations, which will disclose file information resulting in a loss of confidentiality.

References:

Vendor URL: http://sourceforge.net/projects/bodington/ Vendor URL: http://bodington.org/index.html Secunia Advisory ID:10749 ISS X-Force ID: 14986 CVE-2004-2333 Bugtraq ID: 9528