Mobile USB Drive HD Multiple Local File-Include and Arbitrary File-Upload Vulnerabilities

vendor:

Mobile USB Drive HD

by:

SecurityFocus

7,5

CVSS

HIGH

Local File-Include and Arbitrary File-Upload

434

CWE

Product Name: Mobile USB Drive HD

Affected Version From: 1.2

Affected Version To: 1.2

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2013

Mobile USB Drive HD Multiple Local File-Include and Arbitrary File-Upload Vulnerabilities

Mobile USB Drive HD is prone to multiple local file-include and arbitrary file-upload vulnerabilities because it fails to adequately validate files before uploading them. An attacker can exploit these issues to upload arbitrary files onto the web server, execute arbitrary local files within the context of the web server, and obtain sensitive information.

Mitigation:

Validate files before uploading them.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/60847/info

Mobile USB Drive HD is prone to multiple local file-include and arbitrary file-upload vulnerabilities because it fails to adequately validate files before uploading them.

An attacker can exploit these issues to upload arbitrary files onto the web server, execute arbitrary local files within the context of the web server, and obtain sensitive information.

Mobile USB Drive HD 1.2 is vulnerable; other versions may also be affected. 

<table border="0" cellpadding="0" cellspacing="0">
<thead>
<tr><th>Name</th><th class="del">Delete</th></tr>
</thead>
<tbody id="filelist">
<tr><td><a href=_http://www.example.com/files/webshell-js.php.png.txt.iso.php.gif; 
class="file">webshell-js.php.png.txt.iso.php.gif</a></td>