TUCoPS :: HP Unsorted Nums :: tb10701.htm

12All File Upload Vulnerability
12All File Upload Vulnerability
12All File Upload Vulnerability


Author: John McGuire
Company: ActiveCampaign
Product: 1-2-All
Version: 4.5x - 4.53.13
Flaw: Arbitrary File Upload
Vendor Notified: Yes
Patch Available: Yes
Patch Location: 
http://www.activecampaign.com/support/forum/showthread.php?t=3293 


URL: 
http://{12All_Location}/admin/functions/editor/editor/filemanager/browser/default/browser.html 

Description: The FCKeditor module used to create HTML emails appears to 
check filenames against a blacklist of bad extensions. Extensions such 
as php4 and php5 are not in this list, and can be executed and run 
depending on server configuration.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH