Maran PHP Forum Forum_write.PHP Arbitrary File Upload Vulnerability
BID:23614
Info
Maran PHP Forum Forum_write.PHP Arbitrary File Upload Vulnerability
| Bugtraq ID: | 23614 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 23 2007 12:00AM |
| Updated: | Apr 24 2007 02:30AM |
| Credit: | Dj7xpl is credited with the discovery of this vulnerability. |
| Vulnerable: |
Maran PHP Forum Maran PHP Forum 09.04.2006 |
| Not Vulnerable: | |
Discussion
Maran PHP Forum Forum_write.PHP Arbitrary File Upload Vulnerability
Maran PHP Forum is prone to an arbitrary-file-upload vulnerability.
An attacker can exploit this vulnerability to upload PHP script code and execute it in the context of the webserver process.
Maran PHP Forum 09.04.2006 is vulnerable.
Maran PHP Forum is prone to an arbitrary-file-upload vulnerability.
An attacker can exploit this vulnerability to upload PHP script code and execute it in the context of the webserver process.
Maran PHP Forum 09.04.2006 is vulnerable.
Exploit / POC
Maran PHP Forum Forum_write.PHP Arbitrary File Upload Vulnerability
Attackers can use a browser to exploit this issue.
Example exploit code has been provided:
Attackers can use a browser to exploit this issue.
Example exploit code has been provided:
Solution / Fix
Maran PHP Forum Forum_write.PHP Arbitrary File Upload Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
References
Maran PHP Forum Forum_write.PHP Arbitrary File Upload Vulnerability
References:
References:
- Maran PHP Forum Web Site (Maran PHP Forum)