ImageFolio Pro Arbitrary File Upload

2002-06-09T01:19:35
ID OSVDB:4574
Type osvdb
Reporter ET (et@cyberspace.org)
Modified 2002-06-09T01:19:35

Description

Vulnerability Description

ImageFolio Pro contains a flaw that may allow an attacker to upload arbitrary files of any type. The issue is due to the program not validating file types when files are uploaded. This allows an attacker to upload PHP, CGI, or other files that could be used to gain additional access to the system.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

References:

Vendor URL: http://www.imagefolio.com/

Related OSVDB ID: 4576

Related OSVDB ID: 4573

Mail List Post: http://cert.uni-stuttgart.de/archive/bugtraq/2002/06/msg00078.html