packetstorm | Jakub Palaczynski | PACKETSTORM:133051
History: Aug 12, 2015 - 12:00 a.m.

Thomson Reuters FATCA Local File Inclusion

2015-08-12 00:00:00
Jakub Palaczynski
packetstormsecurity.com

EPSS: 0.005 (Low)
Percentile: 76.4%

`Title: Thomson Reuters FATCA - Local File Inclusion  
Author: Jakub Pałaczyński  
Date: 10. June 2015  
CVE: CVE-2015-5952  
  
Affected software:  
==================  
  
All versions of Thomson Reuters FATCA below v5.2  
  
Exploit was tested on:  
======================  
  
Thomson Reuters FATCA v5.1.0.30  
  
Description:  
============  
  
The Thomson Reuters for FATCA solution enables organizations to comply with  
the key requirements of both CRS and FATCA.[1]  
  
  
Vulnerabilities:  
****************  
  
Local File Inclusion:  
============================================  
  
The application's "item" parameter is vulnerable to Local File Inclusion,  
which makes it possible to include application and system files.  
Using this vulnerability, FATCA users can, for example, include uploaded PHP  
files (the upload directory can be retrieved from the application's error  
message) and execute system commands.  
  
References:  
===========  
  
[1] Overview:  
https://risk.thomsonreuters.com/products/thomson-reuters-fatca  
  
Contact:  
========  
  
Jakub[dot]Palaczynski[at]ingservicespolska[dot]pl  
  
  
`
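
The advisory does not show the affected code, so the following is an added illustration (not from the advisory or the product) of how a file-selecting parameter such as "item" is usually hardened: the value becomes a key into a fixed map, and the resolved path must stay inside one directory. The view names, the `views` directory and the function names are hypothetical.

```php
<?php
// Added illustration; not Thomson Reuters code. All names and paths are hypothetical.

// Vulnerable pattern (for contrast): request input flows straight into include,
// so any file the PHP process can read, including an uploaded one, is executed.
//   include $_GET['item'];

// Hardened form 1: the parameter is only a key into a fixed map of views.
const ITEM_VIEWS = [
    'summary' => 'summary.php',
    'reports' => 'reports.php',
];

function resolve_item(string $item, string $viewDir): ?string
{
    if (!array_key_exists($item, ITEM_VIEWS)) {
        return null;                       // unknown key: nothing is included
    }
    return contained_path($viewDir, ITEM_VIEWS[$item]);
}

// Hardened form 2 (defence in depth): canonicalise the path and require it to
// stay under $baseDir, so "../", absolute paths and symlinks cannot escape.
function contained_path(string $baseDir, string $relative): ?string
{
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $relative);
    if ($base === false || $path === false) {
        return null;                       // missing directory or file
    }
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;                       // resolved outside the view directory
    }
    return is_file($path) ? $path : null;
}

$item   = $_GET['item'] ?? '';
$target = is_string($item) ? resolve_item($item, __DIR__ . '/views') : null;
if ($target === null) {
    http_response_code(404);               // generic error: no filesystem paths disclosed
    exit('Not found');
}
include $target;
```

Keeping the upload directory outside the included tree, and returning a generic error instead of one that reveals filesystem paths, addresses the two conditions the advisory names as enabling command execution.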
