Published: 31/12/2006 Updated: 19/10/2017

CVSS v2 Base Score: 6 | Impact Score: 6.4 | Exploitability Score: 6.8

VMScore: 610

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Unrestricted file upload vulnerability in admin/uploads.php in PHP-Update 2.7 and previous versions allows remote authenticated users to upload arbitrary PHP scripts to the gfx/ and files/ directories via the userfile parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
php-update php-update

<?php print_r(' --------------------------------------------------------------------------- PHP-Update <= 27 str_replace() sql injection / privilege escalation / / cmd exec ii by rgod dork: "Powered by PHP-Update" -site:wwwphp-updatecouk -ihackstuff -exploit mail: retrog at alice dot it site: retrogodaltervistaorg -------- ...

#!/usr/bin/perl # rgod u fucking little piece of shit faggot way to ruin a private exploit, scumbag use strict; use IO::Socket; use MIME::Base64; use Getopt::Std; my $app = "PHP-Update 27"; my $type = "Remote Code Execution"; my $author = "undefined1_"; my $date = "2006-10-21"; my $settings = "none"; my $dork = "+\"powered by php update\""; ...

NVD-CWE-Other http://www.securityfocus.com/bid/21789 http://secunia.com/advisories/23486 https://exchange.xforce.ibmcloud.com/vulnerabilities/31125 https://www.exploit-db.com/exploits/3020 https://www.exploit-db.com/exploits/3017 https://nvd.nist.gov https://www.exploit-db.com/exploits/3017/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2006-6879

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect