vendor: HFS HTTP File Server
by:
CVSS: 7.5 (HIGH)
CWE: Arbitrary File Upload
Product Name: HFS HTTP File Server
Affected Version From: Prior to HTTP File Server 2.2b
Affected Version To:
Patch Exists: YES
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Windows (assumed)

Arbitrary File Upload in HFS HTTP File Server

HFS HTTP File Server does not adequately sanitize user-supplied input, which allows attackers to upload files and place them in arbitrary locations on the server. A successful exploit may let the attacker execute the uploaded files, which can lead to further attacks.

Mitigation:

Upgrade to HTTP File Server version 2.2b or later to fix the vulnerability. Implement proper input validation and sanitization to prevent arbitrary file uploads.
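
One way to implement the input validation recommended above, as an added example (not HFS code and not taken from the advisory). The page does not say how the upload destination is influenced, so this assumes the server builds the destination from a client-supplied file name on Windows; `UPLOAD_ROOT`, `safe_upload_path` and `classify` are hypothetical names.

```python
import ntpath
import re

# Hypothetical upload root; the page does not describe HFS's storage layout.
UPLOAD_ROOT = r"C:\hfs\uploads"
# Characters Windows forbids in a file name; ':' also blocks drive letters and alternate data streams.
_FORBIDDEN = re.compile(r'[<>:"/\\|?*\x00-\x1f]')
# Windows device names, reserved with or without an extension.
_RESERVED = re.compile(r"^(con|prn|aux|nul|com[1-9]|lpt[1-9])(\..*)?$", re.I)


def safe_upload_path(client_name, root=UPLOAD_ROOT):
    """Return the absolute destination for an upload, or None if the name is rejected."""
    # Reject rather than rewrite: a separator, drive letter, stream marker or control
    # character means the client supplied more than a bare file name.
    if not client_name or _FORBIDDEN.search(client_name):
        return None
    # Windows strips trailing dots and spaces, so "..", "." and "a.txt." alias other names.
    if client_name != client_name.rstrip(". "):
        return None
    if _RESERVED.match(client_name):
        return None
    root_abs = ntpath.normpath(root)
    dest = ntpath.normpath(ntpath.join(root_abs, client_name))
    # Defence in depth: the resolved path must sit directly under the upload root.
    if ntpath.dirname(dest).lower() != root_abs.lower():
        return None
    return dest


def classify(names, root=UPLOAD_ROOT):
    """Map each candidate name to its accepted destination, or None if rejected."""
    return {n: safe_upload_path(n, root) for n in names}


# Constructed sample inputs, not taken from the advisory or the exploit archive.
SAMPLES = [
    "report.pdf", r"..\..\Windows\x.bat", "../x.bat", r"C:\x.bat", "C:x.bat",
    r"\\host\share\x", "notes.txt:hidden", "NUL.txt", "a.txt.", "..",
]

if __name__ == "__main__":
    for name, dest in classify(SAMPLES).items():
        print(f"{name!r:28} -> {dest or 'REJECTED'}")
```

Only `report.pdf` is accepted from the sample list; every other name is refused outright instead of being silently rewritten, so a rejected upload can be logged and investigated.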
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/26732/info

HFS HTTP File Server is prone to a vulnerability that lets attackers upload files and place them in arbitrary locations on the server. The issue occurs because the software fails to adequately sanitize user-supplied input.

A successful exploit may allow the attacker to upload malicious files and potentially execute them; this may lead to various attacks.

This issue affects versions prior to HTTP File Server 2.2b.

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/30850.zip