vendor: FestOS
by: Unknown
CVSS: 7.5 (HIGH)
Vulnerability type: Arbitrary File Upload
CWE: Unknown
Product Name: FestOS
Affected Version From: FestOS 2.3c
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Unknown
CPE: a:festos:festos:2.3c
Metasploit:
Other Scripts:
Platforms Tested: Unknown

Arbitrary File Upload vulnerability in FestOS

The FestOS application fails to sanitize user-supplied input, allowing an attacker to upload arbitrary code and run it in the context of the webserver process. This can lead to remote code execution and compromise the system.

Mitigation:

To mitigate this vulnerability, implement proper input validation and sanitization in the FestOS upload handling. Additionally, restrict file uploads to specific directories and an allow-list of file types, and store uploaded files where the web server will not execute them. Security updates and patches should be applied as they become available.
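A hardened upload handler illustrating this mitigation, added here as an example (it is not FestOS or TinyBrowser code); the upload directory, size limit and extension allow-list are assumptions:

```php
<?php
// Added example, not FestOS/TinyBrowser code: validates an upload by
// extension allow-list and real content type, then stores it under a
// server-generated name outside the web root.
declare(strict_types=1);

// Assumption: outside the document root, and the web server is configured
// not to execute anything from it. This is the control that still holds
// if a polyglot file gets past the content sniff below.
const UPLOAD_DIR = '/var/lib/festos/uploads';
const MAX_BYTES  = 2 * 1024 * 1024;

// Allowed extension => MIME type the file content must actually have.
const ALLOWED = [
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
];

/**
 * Validate one $_FILES entry and return the stored path, or throw.
 * The client-supplied name and type are never trusted.
 */
function storeUpload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if ($file['size'] > MAX_BYTES || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('rejected');
    }
    // Only the final extension, lower-cased, is used; a client name such as
    // "name.php.jpg" therefore never reaches disk with its double extension.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        throw new RuntimeException('file type not allowed');
    }
    // Sniff the content rather than trusting $file['type'] from the client.
    $real = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($real !== ALLOWED[$ext]) {
        throw new RuntimeException('content does not match extension');
    }
    // Random server-side name: no user-controlled path or characters.
    $dest = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0640); // readable by the application, never executable
    return $dest;
}
// Usage: $path = storeUpload($_FILES['upload']);
```

Serve stored files through a script that sets Content-Type from the allow-list and a fixed Content-Disposition, rather than linking to the upload directory directly.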
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/47751/info

FestOS is prone to an arbitrary-file-upload vulnerability because the application fails to adequately sanitize user-supplied input.

An attacker can exploit this issue to upload arbitrary code and run it in the context of the webserver process.

FestOS 2.3c is vulnerable; other versions may also be affected. 

http://www.example.com/[path]/admin/includes/tiny_mce/plugins/tinybrowser/upload.php