Interchange page_save Unauthenticated File Overwrite

2001-04-16T00:00:00
ID OSVDB:7146
Type osvdb
Reporter OSVDB
Modified 2001-04-16T00:00:00

Description

Vulnerability Description

Interchange contains a flaw that may allow a remote attacker to overwrite files in the catalog directory. The issue is due to the page_save administrative script not properly authenticating before handling the request.

Solution Description

Upgrade to version 4.6.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Interchange contains a flaw that may allow a remote attacker to overwrite files in the catalog directory. The issue is due to the page_save administrative script not properly authenticating before handling the request.

References:

Vendor URL: http://www.icdevgroup.org Vendor Specific Advisory URL