Arbitrary File Upload
Vendor: Midicart PHP
By: SecurityFocus
CVSS: 7.5 (HIGH)
CWE: 264
Product Name: Midicart PHP
Affected Version From: Midicart PHP
Affected Version To: Midicart PHP
Patch Exists: YES
Related CWE: CVE-2002-1490
CPE: a:midicart:midicart_php
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2002

A problem with the default installation of Midicart PHP

Midicart PHP is affected by an arbitrary file upload vulnerability caused by the lack of access control on files residing in the 'admin' folder. A remote attacker can use it to upload arbitrary files to a vulnerable system.

Mitigation:

Access control should be placed on files residing in the 'admin' folder.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/5855/info

A problem with the default installation of Midicart PHP may make it possible for remote users to gain access to sensitive information.

The default installation of Midicart PHP does not place sufficient access control on files residing in the 'admin' folder. Due to this lack of access control, it is possible for a remote attacker to gain access to this file and upload arbitrary files to a vulnerable system.

http://<site>/admin/upload.php