Attack vector | NETWORK |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
network
phpf1
exploit available
Published: 2010-01-26
Updated: 2011-01-12
Summary
Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/.
NOTE: some of these details are obtained from third party information.
Per: http://cwe.mitre.org/data/definitions/434.html 'CWE-434: Unrestricted Upload of File with Dangerous Type'
Vulnerable Configurations
Part | Description | Count |
Application | Phpf1 | 1 |
Exploit-Db
description | Max's Image Uploader Shell Upload Vulnerability. CVE-2010-0390. Webapps exploit for php platform |
file | exploits/php/webapps/11169.txt |
id | EDB-ID:11169 |
last seen | 2016-02-01 |
modified | 2010-01-17 |
platform | php |
port | |
published | 2010-01-17 |
reporter | indoushka |
source | https://www.exploit-db.com/download/11169/ |
title | Max's Image Uploader Shell Upload Vulnerability |
type | webapps |