Memberkit Arbitrary File Upload Vulnerability

Report ID: SA200900202
Source: Unknown
Date of Discovery: 06.01.2009
Criticality: Moderate
Affects:
Memberkit 1.x

Compromise From: From remote
Compromise Type: System access

Summary

A vulnerability has been reported in Memberkit, which can be exploited by malicious users to compromise a vulnerable system.

Detailed Description

The vulnerability is caused by the application allowing files with arbitrary extensions to be uploaded to a folder inside the webroot. This can be exploited to execute arbitrary PHP code by uploading a PHP file through the "My Picture Album" section.

The vulnerability is reported in version 1.0. Other versions may also be affected.

Solution

Restrict access to trusted users only.