header-logo
Suggest Exploit
vendor:
CF Image Hosting Script
by:
Unknown
7.5
CVSS
HIGH
Arbitrary File Upload
434
CWE
Product Name: CF Image Hosting Script
Affected Version From: 1.1
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Unknown
Unknown

Arbitrary File Upload Vulnerability in CF Image Hosting Script

CF Image Hosting Script is prone to an arbitrary-file-upload vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

Mitigation:

The vendor has not provided a patch or mitigation for this vulnerability at the time of writing. It is recommended to disable or restrict access to the affected upload functionality.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/39870/info

CF Image Hosting Script is prone to an arbitrary-file-upload vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

CF Image Hosting Script 1.1 is vulnerable; other versions may also be affected. 

http://www.example.com/upload.php

Navigation

Suggest Exploit

Services By CQR