Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2015-5952

Publish Date: 12 Aug 2015

Source

                							

                Title: Thomson Reuters FATCA - Local File Inclusion
Author: Jakub Pałaczyński
Date: 10. June 2015
CVE: CVE-2015-5952

Affected software:
==================

All versions of Thomson Reuters FATCA below v5.2

Exploit was tested on:
======================

Thomson Reuters FATCA v5.1.0.30

Description:
============

The Thomson Reuters for FATCA solution enables organizations to comply with
the key requirements of both CRS and FATCA.[1]


Vulnerabilities:
****************

Local File Inclusion:
============================================

Application's parameter "item" is vulnerable to Local File Inclusion, which
makes it possible to include application/system files.
Using this vulnerability FATCA users can for example include uploaded PHP
files (upload directory can be retrieved from the application's error
message) and execute system commands.

References:
===========

[1] Overview:
https://risk.thomsonreuters.com/products/thomson-reuters-fatca

Contact:
========

Jakub[dot]Palaczynski[at]ingservicespolska[dot]pl


<p>

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

Thomson Reuters FATCA Local File Inclusion

Vulmon Search

About

Products

Connect