AOH :: HP Unsorted Nums :: TB10701.HTM

12All File Upload Vulnerability
12All File Upload Vulnerability
12All File Upload Vulnerability

Author: John McGuire
Company: ActiveCampaign
Product: 1-2-All
Version: 4.5x - 4.53.13
Flaw: Arbitrary File Upload
Vendor Notified: Yes
Patch Available: Yes
Patch Location: 


Description: The FCKeditor module used to create HTML emails appears to 
check filenames against a blacklist of bad extensions. Extensions such 
as php4 and php5 are not in this list, and can be executed and run 
depending on server configuration.

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH
We do not send spam. If you have received spam bearing an email address, please forward it with full headers to