PT-2010-1627 · Simplicity · Phpsimplicity

Master Mind · Published 2010-04-27 · Updated 2017-08-17 · CVE-2009-4818

CVSS v2.0

6.8 Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

PHPSimplicity Simplicity oF Upload version 1.3.2

Description

The issue allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension. This can be achieved by uploading a file such as .php.gif to the upload.php endpoint.

Recommendations

For version 1.3.2, consider restricting or validating file uploads in the upload.php script to prevent uploading files with double extensions, and ensure that only authorized users can upload files.
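
One way to apply the validation recommended above, as an added example that is not PHPSimplicity's own code: the function names, the extension allowlist and the sample file names are assumptions made for illustration. It accepts only a single allowlisted extension and stores the file under a server-generated name; the authorization check for the uploading user is assumed to happen before this code runs.

```php
<?php
declare(strict_types=1);

// Assumed allowlist: image types only. Adjust to what the application needs.
const ALLOWED_EXT = ['gif', 'jpg', 'jpeg', 'png'];

/**
 * Hypothetical helper: returns a server-generated storage name for an
 * upload, or null when the client-supplied name must be rejected.
 */
function storage_name_for_upload(string $clientName): ?string
{
    // Drop any directory components the client sent (both separators).
    $base = basename(str_replace('\\', '/', $clientName));

    // Refuse empty names and names carrying NUL or other control bytes.
    if ($base === '' || preg_match('/[\x00-\x1f]/', $base)) {
        return null;
    }

    // Require exactly "name.ext". A double extension such as "x.php.gif"
    // yields three parts and is refused. This is deliberately strict and
    // also refuses harmless names like "my.holiday.gif".
    $parts = explode('.', $base);
    if (count($parts) !== 2 || $parts[0] === '') {
        return null;
    }

    $ext = strtolower($parts[1]);
    if (!in_array($ext, ALLOWED_EXT, true)) {
        return null;
    }

    // Never reuse the client-supplied name on disk.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

/** Hypothetical upload handler: $file is one entry of $_FILES. */
function handle_upload(array $file, string $destDir): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) return null;
    $name = storage_name_for_upload((string) ($file['name'] ?? ''));
    if ($name === null || !is_uploaded_file($file['tmp_name'])) return null;
    $dest = rtrim($destDir, '/') . '/' . $name;
    return move_uploaded_file($file['tmp_name'], $dest) ? $dest : null;
}

// Constructed sample names, including the double-extension case.
foreach (['photo.gif', 'shell.php.gif', '.php.gif', 'a.PHP', '../x.png'] as $n) {
    printf("%-14s %s\n", $n, storage_name_for_upload($n) === null ? 'rejected' : 'accepted');
}
```

Storing uploads in a directory where the web server does not execute scripts remains a separate control and is not shown here.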


Related Identifiers

CVE-2009-4818

Affected Products

Phpsimplicity