vendor:
Add An Ad Cart and Add An Event
by:
MR.Z
9.3
CVSS
HIGH
Remote File Upload
434
CWE
Product Name: Add An Ad Cart and Add An Event
Affected Version From: Add An Ad Cart and Add An Event
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020
Add An Ad Script ~ Remote PHP File Upload
The vulnerability allows an attacker to upload a malicious file to the vulnerable server. The attacker can then access the uploaded file and execute arbitrary code on the server. The vulnerability exists in the uploadfile.php script, which is used to upload files to the server. The script does not properly validate the uploaded file, allowing an attacker to upload a malicious file.
Mitigation:
The best way to mitigate this vulnerability is to ensure that all uploaded files are properly validated before being stored on the server. Additionally, the server should be configured to only allow certain file types to be uploaded.