PHPBoost - Arbitrary File Upload / Information Disclosure

EDB-ID:

38386

CVE:

N/A


Platform:

PHP

Published:

2013-03-11

source: http://www.securityfocus.com/bid/58432/info

PHPBoost is prone to an information disclosure vulnerability and an arbitrary file-upload vulnerability because the application fails to adequately sanitize user-supplied input.

An attacker can exploit these issues to upload arbitrary files in the context of the web server process or gain access to sensitive information that may aid in further attacks.

PHPBoost 4.0 is vulnerable; other versions may also be affected. 

http://www.example.com/phpboost/user/?url=/../../KedAns