PT-2010-1627 · Simplicity · Phpsimplicity

Master Mind · Published 2010-04-27 · Updated 2017-08-17 · CVE-2009-4818

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions
PHPSimplicity Simplicity oF Upload version 1.3.2

Description
The issue allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension. This can be achieved by uploading a file such as .php.gif to the upload.php endpoint.

Recommendations
For version 1.3.2, consider restricting or validating file uploads in the upload.php script to prevent uploading files with double extensions, and ensure that only authorized users can upload files.
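
One way to apply the recommendation above, as an added example that is not PHPSimplicity's code: the filename must have exactly one allowlisted extension, the content type must match it, and the stored name is generated server-side. The allowlist, `UPLOAD_DIR`, and the function names are assumptions, and the caller is assumed to have already checked that the user is authorized to upload.

```php
<?php
// Added example; the policy values and names below are assumptions.
const ALLOWED = [                       // final extension => expected MIME type
    'gif' => 'image/gif',
    'png' => 'image/png',
    'jpg' => 'image/jpeg',
];
const UPLOAD_DIR = '/var/www/uploads';  // hypothetical; ideally outside the web root

// Returns the lower-cased extension if the client name is acceptable, else null.
function validate_upload_name(string $clientName): ?string
{
    $base = basename(str_replace('\\', '/', $clientName));
    // Exactly one dot ("name.ext"): rejects "x.php.gif", ".htaccess", "x.gif.".
    if (!preg_match('/^[A-Za-z0-9_-]+\.([A-Za-z0-9]+)$/', $base, $m)) {
        return null;
    }
    $ext = strtolower($m[1]);
    return array_key_exists($ext, ALLOWED) ? $ext : null;
}

// Takes one entry of $_FILES; returns the stored path, or null if rejected.
function store_upload(array $file): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    $ext = validate_upload_name($file['name']);
    if ($ext === null) {
        return null;
    }
    // The detected content type must match the extension claimed.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED[$ext]) {
        return null;
    }
    // Server-generated name: the client-supplied name never reaches the filesystem.
    $dest = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    return move_uploaded_file($file['tmp_name'], $dest) ? $dest : null;
}

// Constructed sample names, checked only when run from the command line.
if (PHP_SAPI === 'cli') {
    foreach (['photo.gif', 'image.php.gif', 'a.PHP', '.htaccess'] as $n) {
        printf("%-14s %s\n", $n, validate_upload_name($n) === null ? 'rejected' : 'accepted');
    }
}
```

Configuring the upload directory so the web server does not execute scripts from it complements the filename check.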


Related identifiers

CVE-2009-4818

Affected products

Phpsimplicity