Php F1 Max's Image Uploader 'index.php' Arbitrary File Upload Vulnerability
BID:29917
Info
Php F1 Max's Image Uploader 'index.php' Arbitrary File Upload Vulnerability
| Bugtraq ID: | 29917 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 24 2008 12:00AM |
| Updated: | Jun 25 2008 10:11PM |
| Credit: | ahmadbady <[email protected]> |
| Vulnerable: |
PHP F1 Max's Image Uploader 0 |
| Not Vulnerable: | |
Discussion
Php F1 Max's Image Uploader 'index.php' Arbitrary File Upload Vulnerability
Max's Image Uploader is prone to a vulnerability that lets remote attackers upload and execute
arbitrary code because it fails to properly sanitize user-supplied files.
An attacker can leverage this issue to execute arbitrary code on an affected computer with the privileges of the webserver process.
Max's Image Uploader is prone to a vulnerability that lets remote attackers upload and execute
arbitrary code because it fails to properly sanitize user-supplied files.
An attacker can leverage this issue to execute arbitrary code on an affected computer with the privileges of the webserver process.
Exploit / POC
Php F1 Max's Image Uploader 'index.php' Arbitrary File Upload Vulnerability
Attackers may exploit this issue through a browser.
Attackers may exploit this issue through a browser.
Solution / Fix
Php F1 Max's Image Uploader 'index.php' Arbitrary File Upload Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Php F1 Max's Image Uploader 'index.php' Arbitrary File Upload Vulnerability
References:
References:
- Vendor Homepage (PHP F1)