|
Family: Gain a shell remotely --> Category: mixed
Mail-it Now! Upload2Server Arbitrary File Upload Vulnerability Vulnerability Scan
Vulnerability Scan Summary Checks for arbitrary file upload vulnerability in Mail-it Now! Upload2Server
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP application is prone to an
arbitrary file upload vulnerability.
Description :
The remote host is running Mail-it Now! Upload2Server, a free, PHP
feedback form script supporting file uploads.
The version of Upload2Server installed on the remote host stores
uploaded files insecurely. A possible hacker may be able to exploit this
flaw to upload a file with arbitrary code and then execute it on the
remote host subject to the rights of the web server user id.
See also :
http://retrogod.altervista.org/mailitnow.html
Solution :
Remove the script or edit the script to change the upload directory.
Threat Level:
High / CVSS Base Score : 7
(AV:R/AC:L/Au:NR/C:P/A:P/I:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|