• info
• discussion
• exploit
• solution
• references

Timbuktu Pro File Upload and Log Input Manipulation Vulnerabilities

Timbuktu Pro is prone to an arbitrary-file-upload vulnerability and a vulnerability that allows attackers to disrupt the logging of events.

An attacker can exploit these issues to upload arbitrary files and prevent the logging of events. This may lead to other attacks.

Timbuktu Pro 8.6.5 for Windows is vulnerable; other versions running on different platforms may also be affected.

The file-upload vulnerability may be related to BID 25453 (Motorola Timbuktu Pro Directory Traversal Vulnerability).