CVE-2008-3592

Description

Unrestricted file upload vulnerability in the File Manager in the admin panel in Twentyone Degrees Symphony 1.7.01 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension to a directory specified in the destination parameter, then accessing the uploaded file via a direct request, as demonstrated using workspace/masters/.

Affected products

• 21degrees / symphony1.7.01
• 21degrees / symphony1.1 – 1.1
• 21degrees / symphony1.5 – 1.5
• 21degrees / symphony1.5.05 – 1.5.05
• 21degrees / symphony1.5.06 – 1.5.06
• 21degrees / symphony1.6.02 – 1.6.02
• 21degrees / symphony1.7 – 1.7

References

• EXPLOIThttps://www.exploit-db.com/exploits/6177
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/44432
• MISChttp://securityreason.com/securityalert/4137
• VENDOR_ADVISORYhttp://secunia.com/advisories/31293
• MISChttp://overture21.com/forum/comments.php?DiscussionID=1823