Description - Arbitrary File Upload in MyPhPim
A file upload vulnerability was found in the MyPhPim script.
- Exploit: Available
- Solution: Not available - check vendor's website
Vulnerable script: addresses.php3
The variable $pdbfile isn't properly sanitized, and the file type and content aren't checked. This can be used to upload any file.
The uploaded file name will be uploads/[username]_[filename]. The default directory for uploaded files is "uploads", and it is not protected by default.
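The missing checks described above, sketched as a hardened upload handler. This is an added example, not code from MyPhPim or from the original advisory. The form field name "pdbfile", the ".pdb" allow-list, the size limit and the storage directory are assumptions; validating the file content itself depends on the import format and is left to the parser that reads the stored file.

```php
<?php
// Added example, not MyPhPim code. Assumptions: the form field is named
// "pdbfile", only ".pdb" imports are expected, and UPLOAD_DIR is a
// hypothetical directory outside the web root.
declare(strict_types=1);

const UPLOAD_DIR  = '/var/lib/myphpim-uploads'; // hypothetical, not web-served
const MAX_BYTES   = 1048576;                    // 1 MiB limit (assumed)
const ALLOWED_EXT = ['pdb'];                    // assumed allow-list

/**
 * Validate one entry of $_FILES and return the server-chosen destination
 * path, or throw. Nothing from the client-supplied name reaches the path.
 */
function safe_upload_target(array $file, string $username): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if ($file['size'] <= 0 || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('size out of range');
    }
    // Take only the final extension of the base name, lower-cased.
    $ext = strtolower(pathinfo(basename($file['name']), PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        throw new RuntimeException('file type not allowed');
    }
    // The username goes into the name only if it is strictly alphanumeric.
    if (!preg_match('/^[A-Za-z0-9]{1,32}$/', $username)) {
        throw new RuntimeException('bad username');
    }
    // Random stored name with a fixed extension: the original file name
    // cannot influence where or under what extension the file is stored.
    return UPLOAD_DIR . '/' . $username . '_' . bin2hex(random_bytes(16)) . '.pdb';
}

function handle_upload(string $username): string
{
    $file = $_FILES['pdbfile'] ?? [];
    $dest = safe_upload_target($file, $username);
    // move_uploaded_file() refuses paths that are not genuine HTTP uploads.
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0640); // no execute bit on stored uploads
    return $dest;
}
```

If the upload directory has to stay inside the web root, the web server should be configured to serve its contents as static downloads only, with script handling disabled for that path.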


