Vulnerabilities

CVE-2014-2223

by Fred · 11/09/2014

Unrestricted file upload vulnerability in plog-admin/plog-upload.php in Plogger 1.0 RC1 and earlier allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a PHP file and a non-zero length PNG file, then accessing the PHP file via a direct request to it in plog-content/uploads/archive/.

Date published : 2014-09-11

http://www.exploit-db.com/exploits/34447

http://packetstormsecurity.com/files/128029/Plogger-Authenticated-Arbitrary-File-Upload.html

Similar

Tags: Cybersecurity Alert