9 lines
No EOL
629 B
Text
9 lines
No EOL
629 B
Text
source: http://www.securityfocus.com/bid/28919/info
|
|
|
|
The DownloadsPlus module for PHP-Nuke is prone to a vulnerability that lets remote attackers upload and execute arbitrary code because the application fails to sanitize user-supplied input. This issue permits attackers to upload arbitrary files with '.htm', '.html', or '.txt' extensions.
|
|
|
|
An attacker can leverage this issue to execute arbitrary code on an affected computer with the privileges of the webserver process.
|
|
|
|
Note that to exploit this issue, the attacker may require valid login credentials.
|
|
|
|
http://www.example.com/phpnuke/upload_category/filename.html |