
Webify Multiple Products File Deletion Vulnerability


Secunia ID

SA50524

Release Date

20 Sep 2012

Criticality

Less Critical

Solution Status

Vendor Patch

Software

Webify Blog
Webify Business Directory
Webify eDownloads Cart
Webify Photo Gallery

Where

From remote

Impact
Manipulation of data

This includes vulnerabilities where a user or a remote attacker can manipulate local data on a system, but not necessarily be able to gain escalated privileges or system access.

The most frequent type of vulnerability with this impact is SQL injection, where a malicious user or person can manipulate SQL queries.

Description

A vulnerability has been reported in multiple Webify products, which can be exploited by malicious people to manipulate certain data.

The vulnerability is caused by the application not restricting access to an administrative interface and can be exploited to delete files.

The vulnerability is reported in the following products:
* Webify Blog
* Webify Photo Gallery
* Webify eDownloads Cart
* Webify Business Directory

Solution

Apply the fixed version. Contact the vendor for more information.

Reported by

JIKO(JAWAD).

Original Advisory

JIKO(JAWAD):
http://www.exploit-db.com/exploits/21250/
http://www.exploit-db.com/exploits/21269/
http://www.exploit-db.com/exploits/21270/
http://www.exploit-db.com/exploits/21271/