Описание
Glossword versions 1.8.8 through 1.8.12 contain an authenticated arbitrary file upload vulnerability. When deployed as a standalone application, the administrative interface (gw_admin.php) allows users with administrator privileges to upload files to the gw_temp/a/ directory. Due to insufficient validation of file type and path, attackers can upload and execute PHP payloads, resulting in remote code execution.
Glossword versions 1.8.8 through 1.8.12 contain an authenticated arbitrary file upload vulnerability. When deployed as a standalone application, the administrative interface (gw_admin.php) allows users with administrator privileges to upload files to the gw_temp/a/ directory. Due to insufficient validation of file type and path, attackers can upload and execute PHP payloads, resulting in remote code execution.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2013-10067
- https://github.com/glosswordteam/Glossword
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/glossword_upload_exec.rb
- https://sourceforge.net/projects/glossword
- https://www.exploit-db.com/exploits/24456
- https://www.exploit-db.com/exploits/24548
- https://www.vulncheck.com/advisories/glossword-arbitrary-file-upload-rce
Связанные уязвимости
Glossword versions 1.8.8 through 1.8.12 contain an authenticated arbitrary file upload vulnerability. When deployed as a standalone application, the administrative interface (gw_admin.php) allows users with administrator privileges to upload files to the gw_temp/a/ directory. Due to insufficient validation of file type and path, attackers can upload and execute PHP payloads, resulting in remote code execution.