Vendor: LinkedIn Clone
By: Ihsan Sencan
CVSS: 8.8 (HIGH)
Arbitrary File Upload
CWE: 434
Product Name: LinkedIn Clone
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Win7 x64, Kali Linux x64
2017
Global In – Arbitrary File Upload
A vulnerability in Global In allows an attacker to upload arbitrary files to the server. An attacker can exploit this to gain access to the server and execute malicious code. The vulnerability exists in the 'post-images' directory: an attacker can upload a malicious file such as File.php there and execute it on the server.
Mitigation:
Ensure that the 'post-images' directory is not writable by users and that all uploaded files are scanned for malicious content.