← back
CVE-2011-2745

CVE-2011-2745

EPSS 2.0%
upload_handler.php in the swfupload extension in Chyrp 2.0 and earlier relies on client-side JavaScript code to restrict the file extensions of uploaded files, which allows remote authenticated users to upload a .php file, and consequently execute arbitrary PHP code, via a write_post action to the default URI under admin/.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/35947unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://securityreason.com/securityalert/8314http://www.justanotherhacker.com/advisories/JAHx113.txthttp://www.openwall.com/lists/oss-security/2011/07/13/5http://www.openwall.com/lists/oss-security/2011/07/13/6http://www.securityfocus.com/bid/48672