Smart PHP Uploader 1.0 Remote File Upload Vulnerability

vendor:

Smart PHP Uploader

by:

Phenom

7.5

CVSS

HIGH

Remote File Upload

434

CWE

Product Name: Smart PHP Uploader

Affected Version From: 1

Affected Version To: 1

Patch Exists: NO

Related CWE: None

CPE: a:scriptsez.net:smart_php_uploader:1.0

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: None

2020

Smart PHP Uploader 1.0 Remote File Upload Vulnerability

A vulnerability exists in Smart PHP Uploader 1.0 which allows an attacker to upload a malicious file to the server. An attacker can exploit this vulnerability by sending a malicious file to the server via the phpuploader.php page. Once the file is uploaded, the attacker can access the file by visiting the URL http://server/path/yourshell.php.

Mitigation:

The vendor should ensure that the application validates the file type before allowing it to be uploaded to the server.

Source

Exploit-DB raw data:

 #######################################################################
 #                                                                     #
 ###     Smart PHP Uploader 1.0 Remote File Upload Vulnerability     ###
 #                                                                     #
 #######################################################################
 #                                                                     #
 #  Author : Phenom                                                    #
 #                                                                     #
 #  vendor : http://www.scriptsez.net                                  #
 #                                                                     #
 #  language : PHP                                                     #
 #                                                                     #
 #  Version : 1.0                                                      #
 #                                                                     #
 #######################################################################
 #                                                                     #
 # Exploit :                                                           #
 #                                                                     #
 # 1- http://server/path/phpuploader.php                               #
 #                                                                     #
 # 2- upload your shell                                                #
 #                                                                     #
 # 3- http://server/path/yourshell.php                                 #
 #                                                                     #
 #######################################################################