The makers of CPAINT Ajax Toolkit have discovered code execution vulnerabilities in their software. All versions prior to version 1.3-SP are affected.
6c1b4d723d050b0fa556f05f2f1f431ed1089bd3c77932893f93fcb340d72f97I am the original author of the CPAINT Ajax Toolkit (https://cpaint.sourceforge.net/). Last night we found a vulnerability affecting all versions of CPAINT prior to v1.3-SP (which is the patched version of the software) that can allow a user with malicious intent to execute server or ASP/PHP commands that would allow them to easily access data on the server.
We have removed prior versions of the software from our SourceForge Project website and highly recommend that all users upgrade to v1.3-SP which can be downloaded at https://sourceforge.net/project/showfiles.php?group_id=141041&package_id=154713&release_id=349396
This problem will also affect any software packages and/or websites that utilize the CPAINT toolkit. We also suspect this problem affects other AJAX toolkits (as they are all very similar in the way they execute functions on the backend) and urge other AJAX toolkit authors and users to test for any security problems as well.
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed