Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:13650
HistoryJul 27, 2006 - 12:00 a.m.

EzUpload multi file vulnerabilities

2006-07-2700:00:00
vulners.com
18
JSON

I don't know anyone report this but I have detected this when test EzUpload Pro 2.2.0
Attacker can re-config EzUpload system without login.
File: filter.php –> change Extensions Mode file type.
File: access.php –> change Protection Method accept anyone upload file
File: edituser.php –> Add user who can upload
File: settings.php –> Change admin informations
File: index.php –> Upload file without login even system require login
Check it and fun

JSON