Lucene search
Jakub Palaczynski1337DAY-ID-24059HistoryAug 16, 2015 - 12:00 a.m.
Thomson Reuters FATCA v5.1.0.30 - Local File Inclusion Vulnerability
2015-08-1600:00:00
Jakub Palaczynski
0day.today
12
0.005 Low
EPSS
Percentile
76.4%
Exploit for hardware platform in category web applications
Title: Thomson Reuters FATCA - Local File Inclusion
Author: Jakub Pałaczyński
Date: 10. June 2015
CVE: CVE-2015-5952
Affected software:
==================
All versions of Thomson Reuters FATCA below v5.2
Exploit was tested on:
======================
Thomson Reuters FATCA v5.1.0.30
Description:
============
The Thomson Reuters for FATCA solution enables organizations to comply with
the key requirements of both CRS and FATCA.[1]
Vulnerabilities:
****************
Local File Inclusion:
============================================
Application's parameter "item" is vulnerable to Local File Inclusion, which
makes it possible to include application/system files.
Using this vulnerability FATCA users can for example include uploaded PHP
files (upload directory can be retrieved from the application's error
message) and execute system commands.
References:
===========
[1] Overview:
https://risk.thomsonreuters.com/products/thomson-reuters-fatca
# 0day.today [2018-02-16] #Related
nvd
nvd
CVE-2015-5952
2020-01-15 17:15:13
packetstorm
packetstorm
Thomson Reuters FATCA Local File Inclusion
2015-08-12 00:00:00
cve
cve
CVE-2015-5952
2020-01-15 17:15:13
prion
prion
Directory traversal
2020-01-15 17:15:00
cvelist
cvelist
CVE-2015-5952
2020-01-15 16:27:54