Arbitrary File Upload in MyPhPim
Summary
- Vulnerability
- Arbitrary File Upload in MyPhPim
- Discovered
- 2006.01.11
- Last Update
- 0 n/a
- ID
- EV0023
- CVE
- CVE-2006-0169
- Risk Level
- high
- Type
- File Upload
- Status
- Unpatched
- Vendor
- n/a
- Vulnerable Software
- MyPhPim (http://sourceforge.net/projects/myphpim/)
- Version
- 01.05
- PoC/Exploit
- Available
- Solution
- Not available
- Discovered by
- Aliaksandr Hartsuyeu (eVuln.com)
Description
File Upload found in MyPhPim (http://sourceforge.net/projects/myphpim/) script.
Vulnerable script: addresses.php3
Variable $pdbfile isn't properly sanitized or file type and content isnt checked. This can be used to upload any file.
Uploaded file name will be uploads/[username]_[filename]. Default directory for uploaded files is "uploads". And it's not protected by default.
PoC/Exploit
Page: "Load Pilot File"
Uploaded file name will be uploads/[username]_[filename].
Solution.
Solution for "Arbitrary File Upload in MyPhPim" is not available. Check vendor's website for updates.