Thomson Reuters FATCA versions below 5.2 suffer from a local file inclusion vulnerability.
6231d7b2832f5bc3406aa4e011ca416b6b92a2d444f6499aa1e7c831611cba6fTitle: Thomson Reuters FATCA - Local File Inclusion
Author: Jakub Pałaczyński
Date: 10. June 2015
CVE: CVE-2015-5952
Affected software:
==================
All versions of Thomson Reuters FATCA below v5.2
Exploit was tested on:
======================
Thomson Reuters FATCA v5.1.0.30
Description:
============
The Thomson Reuters for FATCA solution enables organizations to comply with
the key requirements of both CRS and FATCA.[1]
Vulnerabilities:
****************
Local File Inclusion:
============================================
Application's parameter "item" is vulnerable to Local File Inclusion, which
makes it possible to include application/system files.
Using this vulnerability FATCA users can for example include uploaded PHP
files (upload directory can be retrieved from the application's error
message) and execute system commands.
References:
===========
[1] Overview:
https://risk.thomsonreuters.com/products/thomson-reuters-fatca
Contact:
========
Jakub[dot]Palaczynski[at]ingservicespolska[dot]pl
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed