Unrestricted file upload

2009-06-0416:30:00

PRIOn knowledge base

www.prio-n.com

8.2 High

AI Score

Confidence

Low

0.053 Low

EPSS

Percentile

93.1%

JSON

Unrestricted file upload vulnerability in uploadp.php in New Earth Programming Team (NEPT) imgupload (aka Image Uploader) 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension and a modified content type, then accessing this file via a direct request, as demonstrated by an upload with an image/jpeg content type. NOTE: some of these details are obtained from third party information.

CPENameOperatorVersion
imguploadeq1.0

CPE	Name	Operator	Version
	imgupload	eq	1.0

References

osvdb.org/49428

secunia.com/advisories/32412

www.securityfocus.com/bid/31909

exchange.xforce.ibmcloud.com/vulnerabilities/46089

www.exploit-db.com/exploits/6830