Jetbox One远程Server-Side脚本执行漏洞

Jetbox One 2.0.8版本及可能其他版本存在漏洞。IMAGES模块下拥有作者特权的远程攻击者可以下载PHP文件或执行任意代码。

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com .
@securityfocus.com>

来源:US-CERT Vulnerability Note: VU#417408
名称: VU#417408
链接:http://www.kb.cert.org/vuls/id/417408

来源: XF
名称: jetbox-one-file-upload(16900)
链接:http://xforce.iss.net/xforce/xfdb/16900

来源: BID
名称: 10859
链接:http://www.securityfocus.com/bid/10859

来源: BUGTRAQ
名称: 20040804 vulnerabilities in JetboxOne CMS
链接:http://www.securityfocus.com/archive/1/370852

来源: SECUNIA
名称: 12230
链接:http://secunia.com/advisories/12230/

来源: echo.or.id
链接:http://echo.or.id/adv/adv03-y3dips-2004.txt