Multiple unrestricted file upload vulnerabilities in Kusaba 1.0.4 and previous versions allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension using (1) load_receiver.php or (2) a shipainter action to paint_save.php, then accessing the uploaded file via a direct request to this file in their user directory.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
kusaba kusaba |