K&S Shop File Upload Vulnerability

Report ID: SA200800104
Source: Secunia
Date of Discovery: 24.12.2008
Criticality: Urgent
Affects:
K&S Shop

Compromise From: From remote
Compromise Type: System access

Summary

mNt has reported a vulnerability in K&S Shop, which can be exploited by malicious people to compromise a vulnerable system.

Detailed Description

The vulnerability is caused by insecure access restrictions on admin/editor/images.php. It can be exploited to upload files with arbitrary extensions and, e.g., to execute arbitrary PHP code.

Solution

Restrict access to the "admin" directory (e.g. via an ".htaccess" file).
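
One way to apply this restriction on an Apache server is an ".htaccess" file placed in the shop's "admin" directory. This is an added example, not part of the original advisory or the vendor's code. The password file path and the address range are placeholders, and the combination of login plus address filter is an assumption about how strict the site wants to be.

```apache
# admin/.htaccess -- applies to everything below admin/, including
# admin/editor/images.php.
#
# Assumptions (not from the advisory):
#   - The vhost allows overrides here: AllowOverride AuthConfig Limit (or All).
#     Without that, Apache ignores this file or returns a 500 error.
#   - /path/outside/webroot/.htpasswd-admin is a placeholder; create the file
#     with the htpasswd tool and keep it outside the document root.
#   - 192.0.2.0/24 is a documentation range standing in for the
#     administrators' real network.

AuthType Basic
AuthName "Shop administration"
AuthUserFile /path/outside/webroot/.htpasswd-admin

# Apache 2.4 and later: require BOTH a valid login and an allowed address.
<IfModule mod_authz_core.c>
    <RequireAll>
        Require valid-user
        Require ip 192.0.2.0/24
    </RequireAll>
</IfModule>

# Apache 2.2 and earlier: same policy with the older directives.
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
    Allow from 192.0.2.0/24
    Require valid-user
    Satisfy All
</IfModule>
```

After deploying the file, an unauthenticated request for admin/editor/images.php should return 401 or 403 rather than the upload form. Basic authentication sends credentials with every request, so the admin area should be reached over HTTPS.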