4 matches found
Code injection
uploadhandler.php in the swfupload extension in Chyrp 2.0 and earlier relies on client-side JavaScript code to restrict the file extensions of uploaded files, which allows remote authenticated users to upload a .php file, and consequently execute arbitrary PHP code, via a writepost action to the...
CVE-2011-2745
uploadhandler.php in the swfupload extension in Chyrp 2.0 and earlier relies on client-side JavaScript code to restrict the file extensions of uploaded files, which allows remote authenticated users to upload a .php file, and consequently execute arbitrary PHP code, via a writepost action to the...
Directory traversal
Directory traversal vulnerability in includes/lib/gz.php in Chyrp 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, a different vulnerability than CVE-2011-2744...
CVE-2011-2780
CVE-2011-2780 is a directory traversal in Chyrp 2.x (2.0 and earlier) targeting includes/lib/gz.php. The exploitable vector is a crafted value in the file parameter (../) to read arbitrary files. The connected Nuclei template confirms the existence of a local file inclusion vulnerability and note...