vendor:
MySimpleFileUploader
by:
FormatXFormaT
7.5
CVSS
HIGH
Upload Shell Vulnerability
434
CWE
Product Name: MySimpleFileUploader
Affected Version From: V1.6
Affected Version To: V1.6
Patch Exists: Yes
Related CWE: N/A
CPE: MySimpleFileUploader
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009
MySimpleFileUploader V1.6 Upload Shell Vulnerability
MySimpleFileUploader V1.6 is vulnerable to an upload shell vulnerability. An attacker can exploit this vulnerability by changing the type of file to c99.php.sisx and uploading a malicious shell. This will allow the attacker to gain access to the server.
Mitigation:
The vendor has released a patch to address this vulnerability. Users should update to the latest version of MySimpleFileUploader.