OSVDB ID: 84832

Title: Squiz CMS /__web/Systems/UnregisteredDomainWidget Traversal Arbitrary File Access

Info

Disclosure

Aug 20, 2012

Discovery

Jun 29, 2012

Dates

Exploit

Nov 30, 2012

Solution

Aug 09, 2012

Description

PROGRAM contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the /__web/Systems/UnregisteredDomainWidget facility not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../). This directory traversal attack would allow the attacker to read arbitrary files outside of the web server's root.

Classification

Location: Remote / Network Access
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Solution: Upgrade
Exploit: Exploit Public
Disclosure: Vendor Verified, Coordinated Disclosure
OSVDB: Web Related

Solution

Upgrade to version 11846 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Squiz

Squiz CMS

11654

References

Secunia Advisory ID: 50355
Related OSVDB ID: 88011
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2012-08/0130.html
http://seclists.org/bugtraq/2012/Nov/117
Vendor URL: http://cms.squizsuite.net/
Vendor Specific News/Changelog Entry: http://cms.squizsuite.net/patches/11846

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/84832