RSS   Vulnerabilities for 'Php upload center'   RSS

2006-12-07
 
CVE-2006-6360

 

 
PHP remote file inclusion vulnerability in activate.php in PHP Upload Center 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the footerpage parameter.

 
2006-03-13
 
CVE-2006-1208

CWE-Other
 

 
Sergey Korostel PHP Upload Center allows remote attackers to execute arbitrary PHP code by uploading a file whose name ends in a .php.li extension, which can be accessed from the upload directory.

 
 
CVE-2006-1207

CWE-Other
 

 
PHP Upload Center stores password hashes under the web root with insufficient access control, which allows remote attackers to download each password hash via a direct request for the upload/users/[USERNAME] file.

 


Copyright 2024, cxsecurity.com

 

Back to Top