vendor:
VBZoom
by:
SecurityFocus
8,8
CVSS
HIGH
Arbitrary File Upload
264
CWE
Product Name: VBZoom
Affected Version From: VBZoom 1.01
Affected Version To: VBZoom 1.01
Patch Exists: No
Related CWE: N/A
CPE: cpe:a:vbzoom:vbzoom:1.01
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002
VBZoom Arbitrary File Upload Vulnerability
VBZoom 1.01 fails to properly validate the types of files that are received, allowing an attacker to specify an arbitrary file to be uploaded. This can be exploited to upload malicious PHP scripts to the vulnerable system, which will be executed in the security context of the site hosting VBZoom.
Mitigation:
Validate the types of files that are received.
