Automated Logic Corporation Products Directory Traversal and Arbitrary File Upload Vulnerabilities
Multiple Automated Logic Corporation Products are prone to a directory-traversal vulnerability and an arbitrary-file-upload vulnerability.
An attacker can exploit these issues to obtain sensitive information, to upload arbitrary code, and run it in the context of the webserver process.
The following products are affected:
ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior.
ALC WebCTRL, SiteScan Web 6.1 and prior.
ALC WebCTRL, i-Vu 6.0 and prior.
ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior.
ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior.