Feng Office Arbitrary File Upload and Cross Site Scripting Vulnerabilities

Summary
Feng Office is prone to an arbitrary-file-upload vulnerability and multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. Attackers can exploit these issues to upload and execute arbitrary PHP shell code in the context of the webserver process, steal cookie-based authentication information, execute arbitrary client-side scripts in the context of the browser, and obtain sensitive information. Other attacks are also possible. Feng Office 1.7.4 is vulnerable; other versions may also be affected.
References