header-logo
Suggest Exploit
vendor:
Simple Machines Forum
by:
7.5
CVSS
HIGH
Arbitrary File Upload
CWE
Product Name: Simple Machines Forum
Affected Version From: 1.1.15
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Arbitrary File Upload Vulnerability in Simple Machines Forum

An attacker can exploit an arbitrary-file-upload vulnerability in Simple Machines Forum by injecting malicious code through user-supplied input. This can lead to arbitrary code execution within the vulnerable application.

Mitigation:

The vendor has not provided any specific mitigation or remediation for this vulnerability.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/50925/info

Simple Machines Forum is prone to an arbitrary-file-upload vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the vulnerable application.

Simple Machines Forum 1.1.15 is vulnerable; other versions may also be affected. 

http://www.example.com/[patch]/FCKeditor/editor/filemanager/browser/default/browser.html?Type=File&Connector=connectors/php/connector.php

Navigation

Suggest Exploit

Services By CQR