Published: 26/01/2010 Updated: 12/01/2011
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 685
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote malicious users to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.

Affected Products

Vendor Product Versions
Phpf1Max's Image Uploader1.0


======================================================================================== | # Title : Max's Image Uploader Shell Upload Vulnerability | # Author : indoushka | # email : indoushka@hotmailcom ...