header-logo
Suggest Exploit
vendor:
JSBoard
by:
Unknown
7.5
CVSS
HIGH
Arbitrary PHP Script Upload
CWE
Product Name: JSBoard
Affected Version From: JSBoard 2.0.8 and prior, JSBoard-win32 1.3.11a prior
Affected Version To:
Patch Exists: YES
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

JSBoard Arbitrary PHP Script Upload Vulnerability

The vulnerability allows a remote attacker to upload arbitrary PHP scripts to a vulnerable server by exploiting insufficient sanitization of user-supplied input. If successful, the attacker can execute arbitrary script code on the server, leading to unauthorized access in the context of the application.

Mitigation:

It is recommended to update to a fixed version of JSBoard (2.0.9 or later) or JSBoard-win32 (1.3.11b or later). Additionally, input sanitization should be implemented to prevent this type of attack.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/11983/info

JSBoard is reported prone to a vulnerability that can allow a remote attacker to upload arbitrary PHP scripts to a vulnerable server. This issue results from insufficient sanitization of user-supplied input.

If successful, the attacker can execute arbitrary script code on a vulnerable server. This can lead to unauthorized access in the context of the application.

This issue was identified in versions of JSBoard 2.0.8 and prior and JSBoard-win32 1.3.11a prior. 

Script file name:
attack.php.hwp

Navigation

Suggest Exploit

Services By CQR