Family: CGI abuses --> Category: infos
FUDforum < 2.7.1 Avatar Upload Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Checks for avatar upload vulnerability in FUDforum < 2.7.1
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP application that allows for
arbitrary code execution.
The remote host is running FUDforum, an open-source web forum written
According to its banner, the version of FUDforum installed on the
remote host may allow an authenticated attacker to upload a file with
arbitrary PHP code as an avatar image and later run that code subject
to the rights of the web server user id.
See also :
Upload to FUDforum 2.7.1 or later.
Low / CVSS Base Score : 3
Click HERE for more information and discussions on this network vulnerability scan.