漏洞类别:Web server漏洞等级: 
漏洞信息
Web Companion Software is part of the Filemaker Pro Version 5.0 database package. This package includes XML publishing capability, which does not make use of Filemaker Pro's Web security features.
Filemaker Pro Version 5.0 also integrates e-mail capabilities into Web-based database applications. One of the features now available is the capability to specify contents of a database field for use as a format for e-mail messages. This feature bypasses Filemaker Pro's normal Web security and allows remote Web users to send database content to any e-mail address regardless of the security settings for that content.
The e-mail features of Filemaker Pro also allow Web users to anonymously forge e-mails.
漏洞危害
As a result, any remote user can retrieve, via XML or e-mail, any data from a Web connected database regardless of the Web security settings on that data. Any Web user can send e-mails using a false identity.
解决方案
Download and install the latest FileMaker Pro Update at : http://www.filemaker.com/downloads/
0day
文章评论