function/update_xml.php in FLABER 1.1 and earlier allows remote attackers to overwrite arbitrary files by specifying the target filename in the target_file parameter. NOTE: this can be leveraged for code execution by overwriting a PHP file, as demonstrated using function/upload_file.php.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2009-03-19T10:00:00
Updated: 2024-08-07T11:34:46.928Z
Reserved: 2009-03-18T00:00:00
Link: CVE-2008-6490
Vulnrichment
No data.
NVD
Status : Modified
Published: 2009-03-19T10:30:00.343
Modified: 2017-09-29T01:33:12.213
Link: CVE-2008-6490
Redhat
No data.