vendor:
Login.php and UploadPicture.php
by:
indoushka
7.5
CVSS
HIGH
Remote File Upload
264
CWE
Product Name: Login.php and UploadPicture.php
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2003-2005
Shell Upload
A vulnerability in Yonja, LLC. allows an attacker to upload a malicious shell to the vulnerable server. The attacker can then execute arbitrary code on the server.
Mitigation:
Ensure that the application is configured to only allow the upload of files with the appropriate MIME type and that the application is configured to only allow the upload of files to a predetermined directory.