header-logo
Suggest Exploit
vendor:
MyRoom
by:
SecurityFocus
7.5
CVSS
HIGH
Remote File Upload
434
CWE
Product Name: MyRoom
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

MyRoom File Upload Vulnerability

MyRoom is vulnerable to a remote file upload vulnerability due to inadequate security checks performed by some PHP scripts. An attacker can exploit this vulnerability to upload malicious applications to the vulnerable system or use the system for the storage of files.

Mitigation:

Ensure that all security checks are performed on uploaded files.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/6644/info

A problem with MyRoom may make it possible for remote attackers to upload files to a vulnerable system.

Due to inadequate security checks performed by some PHP scripts, an attacker is able to upload arbitrary files to the system.

Given the ability to upload arbitrary files to the host, an attacker can exploit this vulnerability to upload malicious applications to the vulnerable system or use the system for the storage of files.

http://www.example.org/room/save_item.php?name=[NAME]&ref=test&photo=../inc/conf.php&photo_type=ttxt

Navigation

Suggest Exploit

Services By CQR