Vulnerability Description
eUpload 1.0 stores the password.txt password file in plaintext under the web document root, which allows remote attackers to overwrite arbitrary files by reading password.txt.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Frederic Tyndiuk | Eupload | 1.0 |
References
- http://archives.neohapsis.com/archives/bugtraq/2002-07/0412.htmlExploitPatch
- http://www.iss.net/security_center/static/9733.php
- http://www.securityfocus.com/bid/5369
- http://archives.neohapsis.com/archives/bugtraq/2002-07/0412.htmlExploitPatch
- http://www.iss.net/security_center/static/9733.php
- http://www.securityfocus.com/bid/5369
FAQ
What is CVE-2002-1449?
CVE-2002-1449 is a vulnerability with a CVSS score of 7.5 (HIGH). eUpload 1.0 stores the password.txt password file in plaintext under the web document root, which allows remote attackers to overwrite arbitrary files by reading password.txt.
How severe is CVE-2002-1449?
CVE-2002-1449 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-1449?
Check the references section above for vendor advisories and patch information. Affected products include: Frederic Tyndiuk Eupload.