Summary
Quicksilver Forums is prone to a local file-include vulnerability and an arbitrary-file-upload vulnerability because the application fails to sufficiently sanitize user-supplied input.
An attacker can exploit these issues to upload arbitrary files onto the webserver, execute arbitrary local files within the context of the webserver, and obtain sensitive information. By exploiting the arbitrary-file- upload and local file-include vulnerabilities at the same time, the attacker may be able to execute remote code.
Quicksilver Forums 1.4.2 is vulnerable
other versions may also be
affected. Note that these issues affect only versions running on Windows platforms.
Solution
Updates are available. Please see the references for more information.
References
Severity
Classification
-
CVE CVE-2008-7064 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities