7 lines
No EOL
500 B
Text
7 lines
No EOL
500 B
Text
source: http://www.securityfocus.com/bid/5855/info
|
|
|
|
A problem with the default installation of Midicart PHP may make it possible for remote users to gain access to sensitive information.
|
|
|
|
The default installation of Midicart PHP does not place sufficient access control on files residing in the 'admin' folder. Due to this lack of access control, it is possible for a remote attacker to gain access to this file and upload arbitrary files to a vulnerable system.
|
|
|
|
http://<site>/admin/upload.php |