AjaXplorer 4.0.3 and earlier versions contain a directory traversal vulnerability and a weak cookie authentication scheme.
AjaXplorer contains a directory traversal vulnerability in the "Get Template" feature. The URL variables template_name and pluginName can be used to exploit this vulnerability.
A remote unauthenticated attacker may be able to read any file on the server that the web service can access. If an attacker can steal a user's cookie or access the password file they can use the password hash to log in as that user without knowing the password.
Apply an Update
AjaXplorer 4.0.4 has been released to address these vulnerabilities.
Thanks to StenoPlasma for reporting this vulnerability.
This document was written by Jared Allar.
|Date First Published:||2012-03-08|
|Date Last Updated:||2012-03-28 12:31 UTC|