
12All File Upload Vulnerability






Author: John McGuire
Company: ActiveCampaign
Product: 1-2-All
Version: 4.5x - 4.53.13
Flaw: Arbitrary File Upload
Vendor Notified: Yes
Patch Available: Yes
Patch Location: http://www.activecampaign.com/support/forum/showthread.php?t=3293


URL: http://{12All_Location}/admin/functions/editor/editor/filemanager/browser/default/browser.html

Description: The FCKeditor module used to create HTML emails appears to
check filenames against a blacklist of bad extensions. Extensions such
as php4 and php5 are not in this list, so files with those extensions
can be uploaded and, depending on server configuration, executed.
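
The gap described above, as an added example (not code from 12All, FCKeditor or the advisory author): a blacklist-style extension check beside an allowlist check, run over constructed filenames. The blacklist contents, the image-only policy and both function names are assumptions made for the illustration.

```php
<?php
// Added illustration; not 12All or FCKeditor source code.

// Constructed denylist: the advisory does not give the real list, only that
// php4 and php5 are missing from it.
const DENIED_EXTENSIONS = ['php', 'php3', 'phtml', 'asp', 'cgi', 'pl'];

// Assumed policy for an HTML-email editor: image uploads only.
const ALLOWED_EXTENSIONS = ['gif', 'jpg', 'jpeg', 'png'];

// Denylist check (hypothetical helper): any extension not listed passes.
function denylist_accepts(string $filename): bool
{
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    return !in_array($ext, DENIED_EXTENSIONS, true);
}

// Allowlist check (hypothetical helper): the name must be a plain base name,
// one dot, and one extension from the allowed list. Anything else is rejected.
function allowlist_accepts(string $filename): bool
{
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\.([A-Za-z0-9]{1,5})\z/', $filename, $m)) {
        return false;
    }
    return in_array(strtolower($m[1]), ALLOWED_EXTENSIONS, true);
}

// Constructed sample upload names.
$samples = ['logo.png', 'banner.JPG', 'page.php', 'page.php4', 'page.php5'];

foreach ($samples as $name) {
    printf(
        "%-10s denylist=%-6s allowlist=%s\n",
        $name,
        denylist_accepts($name) ? 'accept' : 'reject',
        allowlist_accepts($name) ? 'accept' : 'reject'
    );
}
```

The denylist lets through every extension its author did not think of, while the allowlist fails closed on anything outside the stated policy.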

