JBrowser 1.0/2.x - Unauthorized Admin Access

Author: Himeur Nourredine
type: webapps
platform: php
port: 
date_added: 2004-01-30  
date_updated: 2012-12-24  
verified: 1  
codes: CVE-2007-1156;OSVDB-33141  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 23628.txt  

source: https://www.securityfocus.com/bid/9537/info

Due to a lack of access validation to the '_admin' directory, malevolent users may be able to execute arbitrary admin scripts. This may allow a malicious user to upload arbitrary files to the affected system and gain access to files outside of the web server root directory. There may also be other consequences associated with this vulnerability.

http://www.example.org/_admin/
http://www.example.org/_admin/list_all.php?folder=../
http://www.example.org/_admin/upload.php