Arbitrary File Upload Vulnerability
phpFileManager a complete filesystem management tool on a single file.
Brought to you by:
dulldusk
The system allows us to upload any type of file without any filter and without directory restriction. An attacker could upload a malicious file, e.g. phpinfo.php, and access it via browser.
But that's the purpose of this program - upload and manage ALL TYPES of files on the server! :)
Ok, thanks a lot
2014/1/11 Simonas Juodelis simasj@users.sf.net
Related
Bugs: #18
Hi Wilson, Simonas Juodelis is right. The script is meant for administrators, and any file can be uploaded. Even so, you can search for the upload function and set your file extension limitations.
Last edit: Fabrício Seger Kolling 2018-05-15
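One way to implement the extension limit suggested in the last comment, together with the directory restriction the report says is missing. This is an added example, not phpFileManager code: `safe_upload_target()`, the `ALLOWED_EXTENSIONS` policy and the sample file names are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper, not part of phpFileManager.
const ALLOWED_EXTENSIONS = ['jpg', 'png', 'gif', 'pdf', 'txt']; // assumed policy

/** Returns the destination path for an upload, or null when it is rejected. */
function safe_upload_target(string $clientName, string $uploadRoot, string $subdir = ''): ?string
{
    // Discard any path components supplied by the client.
    $name = basename(str_replace('\\', '/', $clientName));
    if ($name === '' || $name[0] === '.' || strpos($name, "\0") !== false) {
        return null;
    }
    // Every dot-separated suffix must be allowlisted, so "shell.php.jpg" is
    // rejected along with "phpinfo.php" (strict: "report.v2.pdf" fails too).
    $suffixes = explode('.', strtolower($name));
    array_shift($suffixes);
    if ($suffixes === []) {
        return null;
    }
    foreach ($suffixes as $ext) {
        if (!in_array($ext, ALLOWED_EXTENSIONS, true)) {
            return null;
        }
    }
    // Resolve the target directory and require it to sit inside the upload root.
    $root = realpath($uploadRoot);
    $dir  = realpath($uploadRoot . '/' . $subdir);
    if ($root === false || $dir === false) {
        return null;
    }
    $prefix = $root . DIRECTORY_SEPARATOR;
    if ($dir !== $root && strncmp($dir, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $dir . DIRECTORY_SEPARATOR . $name;
}

// Constructed sample input, run against a throwaway directory.
// A real handler would pass the result to move_uploaded_file().
$root = sys_get_temp_dir() . '/upload_demo_' . getmypid();
mkdir($root . '/docs', 0700, true);
$samples = [['report.pdf', 'docs'], ['phpinfo.php', ''], ['shell.php.jpg', ''],
            ['../../x.txt', ''], ['a.txt', '../']];
foreach ($samples as [$name, $sub]) {
    $target = safe_upload_target($name, $root, $sub);
    echo str_pad("$name in '$sub'", 28), $target === null ? 'rejected' : "accepted -> $target", PHP_EOL;
}
```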