vendor:
myPHPupload
by:
ViRuSMaN
8.8
CVSS
HIGH
Remote File Upload
434
CWE
Product Name: myPHPupload
Affected Version From: 2000.5.1
Affected Version To: 2000.5.1
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
N/A
myPHPupload 0.5.1 Remote File Upload Vulnerability
myPHPupload 0.5.1 is vulnerable to a remote file upload vulnerability. An attacker can upload a malicious file to the server by exploiting this vulnerability. The attacker can then access the uploaded file by visiting the directory where the file was uploaded.
Mitigation:
The application should validate the file type before allowing it to be uploaded. The application should also restrict the file size and the file name.