Bugtraq mailing list archives
12All File Upload Vulnerability
From: John McGuire <bugtraq () greeneandassoc com>
Date: Wed, 02 May 2007 15:07:00 -0700
Author: John McGuire Company: ActiveCampaign Product: 1-2-All Version: 4.5x - 4.53.13 Flaw: Arbitrary File Upload Vendor Notified: Yes Patch Available: YesPatch Location: http://www.activecampaign.com/support/forum/showthread.php?t=3293
URL: http://{12All_Location}/admin/functions/editor/editor/filemanager/browser/default/browser.html
Description: The FCKeditor module used to create HTML emails appears to check filenames against a blacklist of bad extensions. Extensions such as php4 and php5 are not in this list, and can be executed and run depending on server configuration.
Current thread:
- 12All File Upload Vulnerability John McGuire (May 03)
- <Possible follow-ups>
- Re: 12All File Upload Vulnerability info (May 07)