FreeHostShop Website Generator 3.3 - Arbitrary File Upload
| EKU-ID: 32604 | CVE: CVE-2006-0936;OSVDB-23478 | OSVDB-ID: |
| Author: NSA Group | Published: 2006-02-25 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 32604 | CVE: CVE-2006-0936;OSVDB-23478 | OSVDB-ID: |
| Author: NSA Group | Published: 2006-02-25 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/16823/info Website generator is prone to an arbitrary file-upload vulnerability. An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. http://www.example.com/files/myforms/process3.php?formname=attack.php%00*name[0]=