Vendor: Classmate Script
By: S.W.A.T.
CVSS: 7.5 (HIGH)
Remote File Upload Vulnerability
CWE: 434
Product Name: Classmate Script
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
Availscript Classmate Script Remote File Upload Vulnerability
A vulnerability in Availscript Classmate Script allows an attacker to upload a malicious file to the server. An attacker can register on the site, select a malicious file such as c99.php, and then right-click on the blank line in the “Latest Members” section and choose Properties. The attacker can then copy the link of the malicious file and rename it with their name and a random ID. This allows the attacker to upload the malicious file to the server.
Mitigation:
Configure the application to accept uploads only when the file has one of a specific set of allowed extensions, and to reject files with multiple extensions.
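The two checks above written as a PHP upload-name validator; this is an added example, not Classmate Script's code, and it goes one step further by generating the stored file name on the server. The function name `safeUploadName`, the allow-list contents and the sample file names are assumptions made for illustration.

```php
<?php
// Added example, not Classmate Script code. The allow-list and the
// function name are assumptions chosen for illustration.

const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif'];

/**
 * Returns a safe server-side file name for a client-supplied upload name,
 * or null when the upload must be rejected.
 */
function safeUploadName(string $clientName): ?string
{
    // Drop any directory components the client supplied.
    $base = basename(str_replace('\\', '/', $clientName));

    // Require exactly one dot with text on both sides ("name.ext").
    // This rejects "avatar.php.jpg", ".htaccess" and "file.".
    $parts = explode('.', $base);
    if (count($parts) !== 2 || $parts[0] === '' || $parts[1] === '') {
        return null;
    }

    // Compare against the allow-list case-insensitively so "PHP" or "Php"
    // is treated the same as "php".
    $ext = strtolower($parts[1]);
    if (!in_array($ext, ALLOWED_EXTENSIONS, true)) {
        return null;
    }

    // Do not reuse the client's name on disk; generate one server-side.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample names, evaluated without touching the filesystem.
$samples = ['photo.jpg', 'c99.php', 'avatar.php.jpg', 'PHOTO.PNG', '.htaccess', 'notes.phtml'];
foreach ($samples as $name) {
    $result = safeUploadName($name);
    printf("%-16s => %s\n", $name, $result === null ? 'REJECTED' : "stored as $result");
}
```

In an upload handler the returned name would be the destination passed to `move_uploaded_file()`, and a `null` result would end the request with an error.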