AOH :: HP Unsorted P :: BT-30037.HTM

phpegasus 'config.php' Arbitrary File Upload Vulnerability



phpegasus 'config.php' Arbitrary File Upload Vulnerability
phpegasus 'config.php' Arbitrary File Upload Vulnerability



phpegasus is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to adequately sanitize user-supplied input.

An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

all version is Affected with this vulnerability
The following exploit code is available here:

http://www.inj3ct0r.com/exploits/11985 

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.