vendor:
Blog PixelMotion
by:
jiko [jiki team]
7.5
CVSS
HIGH
Remote File Upload Vulnerability
434
CWE
Product Name: Blog PixelMotion
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
Remote File Upload Vulnerability
Users can upload a malicious file to the server by exploiting the vulnerability in the modif_config.php page. The malicious file can be uploaded either directly or in a compressed zip format. After the file is uploaded, it can be accessed from the templates folder.
Mitigation:
Ensure that the application is configured to only allow the upload of files with the expected file extensions and size.