vendor:
PHP Forum ohne My SQL
by:
wlhaan hacker
8.8
CVSS
HIGH
Remote File Upload
434
CWE
Product Name: PHP Forum ohne My SQL
Affected Version From: GL-SH DEAF forum 6.5.5 final
Affected Version To: GL-SH DEAF forum 6.5.5 final
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020
PHP Forum ohne My SQL Remote File Upload Vulnerability
This vulnerability allows an attacker to upload a malicious file to a vulnerable web application. The attacker can then access the file by accessing the URL of the uploaded file. The vulnerable application in this case is a PHP Forum ohne My SQL. The exploit involves changing the file extension of a malicious file to a valid image file extension, such as .jpeg, and then uploading it to the vulnerable application. The attacker can then access the malicious file by accessing the URL of the uploaded file.
Mitigation:
The best way to mitigate this vulnerability is to ensure that the application is properly configured to only allow the upload of valid file types. Additionally, the application should be configured to only allow the upload of files from trusted sources.