Description

gather-messages.sh in Ampache 3.4.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/filelist temporary file.

Remediation

References

CVE-2008-3929

Related Vulnerabilities

Envoy Proxy Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2019-18836)

Moodle Credentials Management Errors Vulnerability (CVE-2009-4304)

MySQL CVE-2015-0409 Vulnerability (CVE-2015-0409)

Apache HTTP Server Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2020-11993)

WordPress Plugin YITH Maintenance Mode Multiple Cross-Site Scripting Vulnerabilities (1.3.8)

Severity

High

Classification

CVE-2008-3929 CWE-59

Tags

Missing Update Known Vulnerabilities