PT-2005-2508 · Pwsphp · Pwsphp
Froggz
·
Published
2005-05-11
·
Updated
2017-07-11
·
CVE-2005-1512
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
PwsPHP version 1.2.2
Description
The issue concerns the Admin panel in PwsPHP, which fails to properly verify uploaded picture files. This allows remote attackers to upload and possibly execute arbitrary files.
Recommendations
For PwsPHP version 1.2.2, consider implementing proper file verification for uploaded picture files to prevent remote attackers from uploading and executing arbitrary files. As a temporary workaround, restrict access to the file upload functionality in the Admin panel until a proper fix is applied.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Pwsphp