vendor:
YourPlace
by:
Osirys
N/A
CVSS
MEDIUM
DB Disclosure / Arbitrary Data Saving / RCE Exploit / Arbitrary File Upload / PHPInfo Disclosure / User Change Account
CWE
Product Name: YourPlace
Affected Version From: 0.5 (beta 1)
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
YourPlace 0.5 (beta 1) Vulnerabilities
The YourPlace 0.5 (beta 1) script has several vulnerabilities including database disclosure, arbitrary data saving, RCE exploit, arbitrary file upload, PHPInfo disclosure, and user change account. The database disclosure vulnerability allows an attacker to access the usernames and passwords stored in the users.txt file. The arbitrary data saving vulnerability can be exploited by an authenticated user to execute arbitrary code. The exploit code is provided in the text.
Mitigation:
Update to a patched version of the script. Ensure proper access controls are implemented and user input is properly validated and sanitized.