Description
Multiple vulnerabilities were identified in e-Business Designer, which could be exploited by remote attackers to compromise a vulnerable server, execute arbitrary scripting code, or disclose sensitive information.
The first issue is due to access validation errors where the "common/html_editor/image_browser.upload.html" and "common/html_editor/html_editor.html" scripts are accessible without authentication, which could be exploited by remote attackers to upload or modify arbitrary files and execute malicious commands with the privileges of the web server.
The second vulnerability is due to an input validation error in the "admin/form_grupo.html" script, which does not validate the "id" parameter. This may be exploited by malicious people to conduct cross-site scripting attacks.
The third flaw is due to errors in various scripts that do not properly handle malformed or invalid parameters, which could be exploited by attackers to determine the installation path.
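For the first two issues, a log-triage sketch that flags requests to the scripts named above. This is an added example, not part of the original advisory or the vendor's code; the combined access-log format, the finding labels, and the rule that a legitimate "id" contains no markup characters are assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script paths named in the advisory.
EDITOR_PATHS = (
    "common/html_editor/image_browser.upload.html",
    "common/html_editor/html_editor.html",
)
XSS_PATH = "admin/form_grupo.html"
MARKUP_CHARS = set("<>\"'")  # assumption: a legitimate "id" never contains these

# Assumption: Apache/nginx "combined" access-log format.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def triage(line):
    """Return (label, client, status) findings for one access-log line."""
    m = LOG_RE.match(line)
    if not m:
        return []
    client, method, target, status = m.groups()
    url = urlsplit(target)
    findings = []
    # Issue 1: the editor scripts should not be reachable without a login,
    # so every hit is worth reviewing; writes are the higher-risk case.
    if url.path.endswith(EDITOR_PATHS):
        label = "editor-write" if method in ("POST", "PUT") else "editor-access"
        findings.append((label, client, int(status)))
    # Issue 2: markup characters in the URL-decoded "id" parameter.
    if url.path.endswith(XSS_PATH):
        for value in parse_qs(url.query).get("id", []):
            if MARKUP_CHARS & set(value):
                findings.append(("xss-id", client, int(status)))
                break
    return findings

def scan(lines):
    """Collect findings across many log lines, in input order."""
    return [f for line in lines for f in triage(line)]

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [01/Jan/2000:10:00:00 +0000] "POST /common/html_editor/image_browser.upload.html HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.7 - - [01/Jan/2000:10:00:05 +0000] "GET /admin/form_grupo.html?id=%22%3E%3Cb%3E HTTP/1.1" 200 900 "-" "-"',
    '198.51.100.2 - - [01/Jan/2000:10:01:00 +0000] "GET /admin/form_grupo.html?id=12 HTTP/1.1" 200 900 "-" "-"',
    '198.51.100.2 - - [01/Jan/2000:10:02:00 +0000] "GET /common/html_editor/html_editor.html HTTP/1.1" 403 120 "-" "-"',
    '198.51.100.2 - - [01/Jan/2000:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 100 "-" "-"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Access logs do not show whether a session was authenticated, so editor hits need to be correlated with login records before drawing conclusions.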