|
|
| News |
March 07, 2008
MWR InfoSecurity publish Elastic Path Advisory
An advisory has been released today by MWR InfoSecurity relating to Elastic Path ecommerce software versions 4.1 and 4.1.1. Multiple input validation vulnerabilities were identified within the Elastic Path application. As a result, directory traversal was possible allowing unrestricted file system access to the remote server. The impact of the vulnerabilities could enable an attacker to upload and download files from arbitrary locations on the affected system.
The vendor has released a patch to address these vulnerabilities. To obtain the patch users must contact the vendor at support@elasticpath.com or
http://www.elasticpath.com/support/.
The full advisory can be viewed here.
|
|
|
 |
|
