WebTeacher WebData File Import Vulnerability

WebTeacher WebData is a database program deployable across the World Wide Web.

Any user who has a valid member account on WebData is capable of importing any accessible file on the system to the WebData directory. This would ensure that the user could access any file below the root directory by browsing through the database even if it has been specified that WebData would only serve up certain files. The import function should normally only allow user uploaded files into the database, however it will permit any file to be imported onto the server.


 

Privacy Statement
Copyright 2010, SecurityFocus