header-logo
Suggest Exploit
vendor:
PHPBoost
by:
SecurityFocus
7,5
CVSS
HIGH
Information Disclosure and Arbitrary File Upload
20, 434
CWE
Product Name: PHPBoost
Affected Version From: 4.0
Affected Version To: 4.0
Patch Exists: YES
Related CWE: N/A
CPE: a:phpboost:phpboost
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2013

PHPBoost Information Disclosure and Arbitrary File Upload Vulnerabilities

PHPBoost is prone to an information disclosure vulnerability and an arbitrary file-upload vulnerability because the application fails to adequately sanitize user-supplied input. An attacker can exploit these issues to upload arbitrary files in the context of the web server process or gain access to sensitive information that may aid in further attacks.

Mitigation:

Input validation should be used to ensure that user-supplied data is properly sanitized. Additionally, access to sensitive files should be restricted.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/58432/info

PHPBoost is prone to an information disclosure vulnerability and an arbitrary file-upload vulnerability because the application fails to adequately sanitize user-supplied input.

An attacker can exploit these issues to upload arbitrary files in the context of the web server process or gain access to sensitive information that may aid in further attacks.

PHPBoost 4.0 is vulnerable; other versions may also be affected. 

http://www.example.com/phpboost/user/?url=/../../KedAns

Navigation

Suggest Exploit

Services By CQR