PHPBoost Arbitrary File Upload and Information Disclosure Vulnerabilities

2013-03-11T00:00:00
ID EDB-ID:38386
Type exploitdb
Reporter KedAns-Dz
Modified 2013-03-11T00:00:00

Description

PHPBoost Arbitrary File Upload and Information Disclosure Vulnerabilities. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/58432/info

PHPBoost is prone to an information disclosure vulnerability and an arbitrary file-upload vulnerability because the application fails to adequately sanitize user-supplied input.

An attacker can exploit these issues to upload arbitrary files in the context of the web server process or gain access to sensitive information that may aid in further attacks.

PHPBoost 4.0 is vulnerable; other versions may also be affected. 

http://www.example.com/phpboost/user/?url=/../../KedAns