Published:2007/11/09 Last Updated:2007/11/09
JVN#99453765
Cross-site scripting vulnerability in updir.php in UPDIR.NET
Overview
updir.php in UPDIR.NET contains a cross-site scripting vulnerability in the full-text search and file upload functions.
Products Affected
- updir.php version 2.03 and earlier
Description
updir.php from UPDIR.NET is software for publishing and managing image files, etc. on web servers. By installing updir.php on a web server, users are able to upload image files, etc. on the web server and publish and manage the uploaded files. updir.php contains a cross-site scripting vulnerability in the full-text search and file upload functions.
Impact
An attacker could execute an arbitrary script on the user's web browser.
Solution
Update the Software
The developer has released updir.php version 2.04 addressing this vulnerability. It is recommended that users apply the latest updates provided by the developer.\n
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory | |
| CPNI Advisory | |
| TRnotes | |
| CVE | |
| JVN iPedia |
JVNDB-2007-000803 |