Vulnerabilities > CVE-2011-5005

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
claudio-klingler
mads-brunn
exploit available

Summary

Unrestricted file upload vulnerability in QuiXplorer 2.3 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension using the upload action to index.php, then accessing it via a direct request to the file in an unspecified directory.

Exploit-Db

descriptionQuiXplorer 2.3 - Bugtraq File Upload Vulnerability. CVE-2011-5005. Webapps exploit for php platform
fileexploits/php/webapps/18118.txt
idEDB-ID:18118
last seen2016-02-02
modified2011-11-15
platformphp
port
published2011-11-15
reporterPCA
sourcehttps://www.exploit-db.com/download/18118/
titleQuiXplorer 2.3 - Bugtraq File Upload Vulnerability
typewebapps