RSS   Vulnerabilities for 'Kusaba'   RSS

2008-12-18
 
CVE-2008-5663

CWE-20
 

 
Multiple unrestricted file upload vulnerabilities in Kusaba 1.0.4 and earlier allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension using (1) load_receiver.php or (2) a shipainter action to paint_save.php, then accessing the uploaded file via a direct request to this file in their user directory.

 


Copyright 2019, cxsecurity.com

 

Back to Top