Midicart PHP - Arbitrary File Upload

2002-10-02T00:00:00
ID EXPLOITPACK:40E18BF0ABE7CAE8BB0B310AE33C87A2
Type exploitpack
Reporter frog
Modified 2002-10-02T00:00:00

Description

source: https://www.securityfocus.com/bid/5855/info

A problem with the default installation of Midicart PHP may make it possible for remote users to gain access to sensitive information.

The default installation of Midicart PHP does not place sufficient access control on files residing in the 'admin' folder. As a result, a remote attacker can access the upload script in that folder (shown below) and use it to upload arbitrary files to a vulnerable system.

http://<site>/admin/upload.php