header-logo
Suggest Exploit
vendor:
Tutos
by:
SecurityFocus
8.8
CVSS
HIGH
Arbitrary File Upload
264
CWE
Product Name: Tutos
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2003

Arbitrary File Upload in Tutos

Tutos is vulnerable to an arbitrary file upload vulnerability due to improper handling of input to the file_new script. An attacker can exploit this vulnerability by sending a specially crafted request to the file_new script, which will allow them to upload arbitrary files to the vulnerable site.

Mitigation:

Upgrade to the latest version of Tutos to mitigate this vulnerability.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/8012/info

It has been reported that Tutos does not properly handle input to the file_new script. Because of this, an attacker may be able to upload arbitrary files to a vulnerable site.

We can upload via http://www.example.com/tutos/file/file_new.php?link_id=1065

The path is http://www.example.com/tutos/repository/[project number]/[file
number]/FILE

Navigation

Suggest Exploit

Services By CQR