WinImage Denial-of-Service and Directory Traversal Vulnerabilities - exploit.company
Vendor: WinImage
By: Unknown
CVSS: 5.5 (MEDIUM)
Denial-of-Service, Directory Traversal
CWE: 22, 23
Product Name: WinImage
Affected Version From: 8
Affected Version To: 8.1
Patch Exists: YES
Related CWE: CVE-2007-4064, CVE-2007-4065
CPE: a:winimage:winimage:8.0, cpe:/a:winimage:winimage:8.10
Other Scripts:
Platforms Tested: Windows
2007

WinImage Denial-of-Service and Directory Traversal Vulnerabilities

WinImage is prone to a denial-of-service vulnerability and a directory-traversal vulnerability because the application fails to adequately sanitize user-supplied input. Attackers can exploit these issues to cause a denial of service or to write malicious files to arbitrary directories.

Mitigation:

It is recommended to update to the latest version of WinImage to mitigate these vulnerabilities.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/25687/info

WinImage is prone to a denial-of-service vulnerability and a directory-traversal vulnerability because the application fails to adequately sanitize user-supplied input.

Attackers can exploit these issues to cause a denial of service or to write malicious files to arbitrary directories.

WinImage 8.0 and 8.10 are vulnerable; other versions may also be affected. 

readme.txt/../../../../../../../../sth.bat
readme.txt<40 spaces here>/../../../../../../../../asdf.exe
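
A defensive check for the directory-traversal issue described above, as an added example that is not from the original advisory or from WinImage: an extractor resolves each entry name read from an image against the destination folder and refuses any name that would leave it. `resolve_entry`, `is_safe`, `UnsafeEntryName` and the `C:\extract` root are hypothetical names chosen for illustration.

```python
import ntpath  # Windows path rules; importable on any OS

class UnsafeEntryName(ValueError):
    """An image entry name that must not be written to disk."""

def resolve_entry(dest_root: str, entry_name: str) -> str:
    """Map an entry name read from a disk image to a path inside dest_root."""
    if "\x00" in entry_name or ":" in entry_name:
        # NUL bytes, drive letters ("C:") and NTFS stream names ("a:b")
        raise UnsafeEntryName(f"forbidden character in {entry_name!r}")
    name = entry_name.replace("\\", "/")
    if name.startswith("/"):
        raise UnsafeEntryName(f"absolute entry name {entry_name!r}")
    parts = []
    for raw in name.split("/"):
        if raw in ("", "."):
            continue  # "a//b" and "a/./b" add nothing
        # Win32 path normalization discards trailing spaces and periods, so
        # strip them before checking; doing so per component is deliberately strict.
        comp = raw.rstrip(" .")
        if not comp:  # "..", ".. " and other dot/space-only components
            raise UnsafeEntryName(f"traversal component in {entry_name!r}")
        parts.append(comp)
    if not parts:
        raise UnsafeEntryName("empty entry name")
    root = ntpath.normpath(dest_root)
    target = ntpath.normpath(ntpath.join(root, *parts))
    # Defence in depth: the joined path must still sit under the root.
    common = ntpath.commonpath([root, target])
    if ntpath.normcase(common) != ntpath.normcase(root):
        raise UnsafeEntryName(f"{entry_name!r} escapes {dest_root!r}")
    return target

def is_safe(dest_root: str, entry_name: str) -> bool:
    try:
        resolve_entry(dest_root, entry_name)
    except UnsafeEntryName:
        return False
    return True

# ROOT is a constructed destination; PAGE_NAMES are the two names listed above.
ROOT = r"C:\extract"
PAGE_NAMES = [
    "readme.txt/../../../../../../../../sth.bat",
    "readme.txt" + " " * 40 + "/../../../../../../../../asdf.exe",
]
if __name__ == "__main__":
    for n in ["docs/readme.txt", *PAGE_NAMES]:
        print("ok      " if is_safe(ROOT, n) else "rejected", repr(n))
```

Run as a script, it accepts the benign name and rejects both names from the advisory; the check is lexical, so it does not account for symlinks or junctions already present under the destination.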