PT-2011-4057 · Chyrp · Chyrp

Andrea Barisani · Published 2011-07-27 · Updated 2011-09-22 · CVE-2011-2745

CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Chyrp versions 2.0 and earlier

Description

The issue allows remote authenticated users to upload a .php file and execute arbitrary PHP code via a write_post action to the default URI under admin/. This is possible because upload_handler.php in the swfupload extension relies on client-side JavaScript code to restrict the file extensions of uploaded files.

Recommendations

For Chyrp versions 2.0 and earlier, update the swfupload extension to validate and restrict file extensions on the server side rather than relying on client-side JavaScript code. As a temporary workaround, consider disabling the upload functionality in the admin panel until a proper fix is applied. Restrict access to the upload_handler.php file to minimize the risk of exploitation.
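
The server-side check recommended above, as an added example that is not Chyrp's code or the project's fix. It assumes a hypothetical handler with an extension allowlist (`ALLOWED_EXTENSIONS`), a storage directory (`UPLOAD_DIR`), a session key `user_id`, and the form field name `Filedata`.

```php
<?php
// Added example: hypothetical upload handler, not Chyrp's upload_handler.php.
// Assumed names: ALLOWED_EXTENSIONS, UPLOAD_DIR, $_SESSION['user_id'], field "Filedata".
const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'txt'];
const UPLOAD_DIR = '/var/www/uploads'; // assumed path; serve it with PHP execution disabled

function store_upload(array $file): string
{
    // Accept only files PHP itself received through an HTTP upload.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }

    // The decision is made here, on the server. The client-supplied name is
    // used only to read its final extension, which must be on the allowlist.
    // "x.php", "x.PHP" and "x.php." (empty extension) are all rejected.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXTENSIONS, true)) {
        throw new RuntimeException('file type not allowed');
    }

    // Store under a server-generated name so no part of the client's name,
    // such as "x.php.jpg" or a path component, reaches the filesystem.
    $dest = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    return $dest;
}

// Restrict access to the handler: refuse requests without a logged-in session.
session_start();
if (empty($_SESSION['user_id'])) {
    http_response_code(403);
    exit;
}

try {
    echo basename(store_upload($_FILES['Filedata'] ?? []));
} catch (RuntimeException $e) {
    http_response_code(400);
    echo $e->getMessage();
}
```

Any JavaScript filter in the upload widget can stay as a convenience for users, but the accept or reject decision is the one made in `store_upload()`.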

Exploit

Fix

Weakness Enumeration

Related Identifiers

CVE-2011-2745

Affected Products

Chyrp