header-logo
Suggest Exploit
vendor:
SaveWebPortal
by:
SecurityFocus
6.4
CVSS
MEDIUM
Unauthorized Access
287
CWE
Product Name: SaveWebPortal
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2004

SaveWebPortal Unauthorized Access Vulnerability

SaveWebPortal is prone to an unauthorized access vulnerability. This issue is due to a failure in the application to limit access to administrative scripts. An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access and further attacks on the affected site. A user can bypass admin check, calling this URL: http://www.example.com/saveweb/admin/PhpMyExplorer/editerfichier.php?chemin=.&fichier=header.php&type=Source

Mitigation:

Ensure that access to administrative scripts is properly restricted.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/14639/info

SaveWebPortal is prone to an unauthorized access vulnerability. This issue is due to a failure in the application to limit access to administrative scripts.

An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access and further attacks on the affected site. 

a user can bypass admin check, calling this url:

http://www.example.com/saveweb/admin/PhpMyExplorer/editerfichier.php?chemin=.&fichier=header.php&type=Source

Navigation

Suggest Exploit

Services By CQR