|Category:||Web application abuses|
|Title:||Feng Office Arbitrary File Upload and Cross Site Scripting Vulnerabilities|
|Summary:||Determine if Feng Office is prone to an arbitrary-file-upload vulnerability|
Feng Office is prone to an arbitrary-file-upload vulnerability and
multiple cross-site scripting vulnerabilities because the application
fails to sufficiently sanitize user-supplied input.
Attackers can exploit these issues to upload and execute arbitrary PHP
shell code in the context of the webserver process, steal cookie-based
authentication information, execute arbitrary client-side scripts in
the context of the browser, and obtain sensitive information. Other
attacks are also possible.
Feng Office 1.7.4 is vulnerable;
other versions may also be affected.
BugTraq ID: 47049|
|Copyright||This script is Copyright (C) 2011 Greenbone Networks GmbH|