vendor:
MyWeight 1.0
by:
Mr.tro0oqy
8,8
CVSS
HIGH
Shell Upload
434
CWE
Product Name: MyWeight 1.0
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: No
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009
MyWeight 1.0 Shell Upload Vulnerability
MyWeight 1.0 is vulnerable to a shell upload vulnerability. An attacker can register in the site, go to their profile, and upload a shell.php file. This allows the attacker to gain remote code execution on the server.
Mitigation:
Ensure that user-supplied files are not uploaded to the server, and that the server is configured to reject any files with a .php extension.