Vulnerabilities > CVE-2009-1314 - Remote Security vulnerability in Webfileexplorer web File Explorer 3.1

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

webfileexplorer

critical

exploit available

NVD

Published: 2009-04-17

Updated: 2017-09-29

Summary

body.asp in Web File Explorer 3.1 allows remote attackers to create arbitrary files and execute arbitrary code via the savefile action with a file parameter containing a filename that has an executable extension.

Vulnerable Configurations

Part	Description	Count
Application	Webfileexplorer Webfileexplorer WEB File Explorer 3.1	1

Exploit-Db

description	WebFileExplorer 3.1 (Auth Bypass) SQL Injection Vulnerability. CVE-2009-1314,CVE-2009-1323. Webapps exploit for php platform
file	exploits/php/webapps/8382.txt
id	EDB-ID:8382
last seen	2016-02-01
modified	2009-04-09
platform	php
port
published	2009-04-09
reporter	Osirys
source	https://www.exploit-db.com/download/8382/
title	WebFileExplorer 3.1 Auth Bypass SQL Injection Vulnerability
type	webapps

Summary

Vulnerable Configurations

Exploit-Db

References