----------------------------------------------------------------------

TITLE:
WSN Products "TID" Local File Inclusion

SECUNIA ADVISORY ID:
SA31392

VERIFY ADVISORY:
http://secunia.com/advisories/31392/

CRITICAL:
Moderately critical

IMPACT:
Exposure of system information, Exposure of sensitive information, System access

WHERE:
From remote

SOFTWARE:
WSN Links 4.x
http://secunia.com/product/15070/
WSN Knowledge Base 4.x
http://secunia.com/product/19522/
WSN Gallery 4.x
http://secunia.com/product/19523/
WSN Forum 4.x
http://secunia.com/product/19521/
WSN Classifieds 4.x
http://secunia.com/product/19524/

DESCRIPTION:
otmorozok428 has reported a vulnerability in various WSN products, which can be exploited by malicious users to disclose sensitive information and compromise a vulnerable system.

Input passed to the "TID" parameter in index.php (when "custom" is set to "yes") is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources.

It can further be exploited to execute arbitrary PHP code by uploading a PHP script as an avatar and then including the script.

Successful exploitation requires valid user credentials.

The vulnerability is reported in WSN Links prior to 4.1.49, WSN Forum prior to 4.1.45, WSN Knowledge Base prior to 4.1.41, WSN Gallery prior to 4.1.40, and WSN Classifieds prior to 4.1.30.

SOLUTION:
Update to WSN Links 4.1.49, WSN Forum 4.1.45, WSN Knowledge Base 4.1.41, WSN Gallery 4.1.40, and WSN Classifieds 4.1.30.
PROVIDED AND/OR DISCOVERED BY:
otmorozok428

ORIGINAL ADVISORY:
http://milw0rm.com/exploits/6208

----------------------------------------------------------------------
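The bug class the advisory describes (a request parameter used directly as an include path) next to a hardened resolver, as an added illustration that is not WSN's code; the advisory does not show WSN's source, so the function names, the `$templateDir` layout and the `.tpl` extension are assumptions.

```php
<?php
// Added example, not WSN code. Sketches the defect described in the
// advisory and one way to close it. All names here are assumptions.

// Vulnerable pattern (hypothetical): the "TID" value sent by a logged-in
// user becomes the include path, so any local file readable by PHP,
// including a file uploaded as an avatar, can be pulled in and executed.
function includeTemplateVulnerable(array $params, string $templateDir): void
{
    if (($params['custom'] ?? '') === 'yes') {
        include $templateDir . '/' . $params['TID'];   // no validation
    }
}

// Hardened pattern: accept only a short template id, append a fixed
// extension, and confirm the resolved path stays inside $templateDir.
function resolveTemplateSafe(array $params, string $templateDir): ?string
{
    if (($params['custom'] ?? '') !== 'yes') {
        return null;
    }
    $tid = (string)($params['TID'] ?? '');

    // A template id is a token, never a path: no slashes, dots or NULs.
    if (!preg_match('/\A[a-z0-9_]{1,32}\z/', $tid)) {
        return null;
    }
    $base = realpath($templateDir);
    $path = realpath($templateDir . '/' . $tid . '.tpl');
    // realpath() is false for missing files and collapses "..", so a
    // result outside $base (traversal or a stray symlink) is rejected.
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

function includeTemplateSafe(array $params, string $templateDir): void
{
    $path = resolveTemplateSafe($params, $templateDir);
    if ($path === null) {
        http_response_code(400);
        exit('invalid template');
    }
    include $path;
}
```

The allow-list check alone already stops the reported case; the `realpath()` containment check is the second layer that also covers misconfigured symlinks inside the template directory.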