Arbitrary File Upload in HFS HTTP File Server - exploit.company
Vendor: HFS HTTP File Server
By:
CVSS: 7.5 (HIGH)
CWE: Arbitrary File Upload
Product Name: HFS HTTP File Server
Affected Version From: Prior to HTTP File Server 2.2b
Affected Version To:
Patch Exists: YES
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Windows (assumed)

Arbitrary File Upload in HFS HTTP File Server

A vulnerability in HFS HTTP File Server lets attackers upload files and place them in arbitrary locations on the server, because the software does not adequately sanitize user-supplied input. Uploaded malicious files may then be executed, which can lead to further attacks.

Mitigation:

Upgrade to HTTP File Server version 2.2b or later to fix the vulnerability. Implement proper input validation and sanitization to prevent arbitrary file uploads.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/26732/info

HFS HTTP File Server is prone to a vulnerability that lets attackers upload files and place them in arbitrary locations on the server. The issue occurs because the software fails to adequately sanitize user-supplied input.

A successful exploit may allow the attacker to upload malicious files and potentially execute them; this may lead to various attacks.

This issue affects versions prior to HTTP File Server 2.2b.

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/30850.zip