Main
Vulnerability Database
Exploits
ID:1142 - Exploit for Unrestricted file upload in Simple File Upload - CVE-2011-5148
ID:1142 - Exploit for Unrestricted file upload in Simple File Upload - CVE-2011-5148
Published: March 18, 2020
Vulnerability identifier: #VU6169
Vulnerability risk: Low
CVE-ID: CVE-2011-5148
CWE-ID: CWE-434
Exploitation vector: Remote access
Vulnerable software:
Simple File Upload
Simple File Upload
Link to public exploit:
Vulnerability description
The vulnerability allows a remote attacker to execute arbitrary PHP code on the target system.
The weakness exists due to the improper validation of file extensions by the index.php script. A remote attacker can send a specially-crafted HTTP request, upload a malicious PHP script and execute arbitrary PHP code on the system.
Successful exploitation of the vulnerability results in arbitrary PHP code execution on the vulnerable system.
The weakness exists due to the improper validation of file extensions by the index.php script. A remote attacker can send a specially-crafted HTTP request, upload a malicious PHP script and execute arbitrary PHP code on the system.
Successful exploitation of the vulnerability results in arbitrary PHP code execution on the vulnerable system.
Remediation
Update to version 1.3.5.