newswall 1.05 multiple security vulnerabilities

There are multiple security vulnerabilities in newswall which may allow an attacker to compromise the web server.

Software

Software Link: newswall

Vulnerable Version: <= 1.05

Vendor Notification: newswall@mayoco.de [ 2010-11-22 1:10 AM ]

# [ 2010-11-22 6:40 AM ] Vendor released 1.06

# [ 2010-11-22 5:20 PM ] Advisory released

Vulnerabilities

# Cross-Site Scripting (XSS) # <= 1.05 # Patched

The issue is due to failure in "set_reference.php" to properly sanitize user-supplied data in the "varreference" parameter.

# Unrestricted File Upload # <= 1.05 # Patched

upload.php allows PHP files to be uploaded. An attacker can upload a PHP file as an image reference (to "/images/references/" by default) and execute system commands using /images/references/shell.png.php?cmd=

Reference

# OWASP: Cross-Site Scripting

# OWASP: Unrestricted File Upload

Appendix

[TXT] newswall 1.05 multiple security vulnerabilities