vendor:
eWebEditor
by:
Ma3sTr0-Dz
8,8
CVSS
HIGH
Remote File Upload
434
CWE
Product Name: eWebEditor
Affected Version From: 1.x
Affected Version To: 1.x
Patch Exists: Yes
Related CWE: N/A
CPE: a:ewebeditor:ewebeditor
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010
eWebEditor v1.x (WYSIWYG) Remote File Upload
eWebEditor is vulnerable to a remote file upload vulnerability. An attacker can exploit this vulnerability by sending a malicious file to the upload.asp page of the application. The malicious file can be uploaded to the server and can be accessed by appending the malicious file name to the uploads/asp/ directory. This can be used to execute arbitrary code on the server.
Mitigation:
The vendor has released a patch to address this vulnerability. It is recommended to upgrade to the latest version of the application.
