Family: Gain a shell remotely --> Category: mixed
Mail-it Now! Upload2Server Arbitrary File Upload Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Checks for arbitrary file upload vulnerability in Mail-it Now! Upload2Server
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP application is prone to an
arbitrary file upload vulnerability.
The remote host is running Mail-it Now! Upload2Server, a free, PHP
feedback form script supporting file uploads.
The version of Upload2Server installed on the remote host stores
uploaded files insecurely. A possible hacker may be able to exploit this
flaw to upload a file with arbitrary code and then execute it on the
remote host subject to the rights of the web server user id.
See also :
Remove the script or edit the script to change the upload directory.
High / CVSS Base Score : 7
Click HERE for more information and discussions on this network vulnerability scan.