RSS   Vulnerabilities for 'E-uploader pro'   RSS

2006-12-21
 
CVE-2006-6694

 

 
Directory traversal vulnerability in include/config.php in E-Uploader Pro 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a .. (dot dot) in the language parameter, as demonstrated by uploading a .JPG file containing PHP code, then accessing the file via config.php.

 


Copyright 2024, cxsecurity.com

 

Back to Top