Sergey Korostel » Php Upload Center : Security Vulnerabilities, CVEs,
PHP remote file inclusion vulnerability in activate.php in PHP Upload Center 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the footerpage parameter.
Max CVSS
7.5
EPSS Score
14.44%
Published
2006-12-07
Updated
2017-10-19
Sergey Korostel PHP Upload Center allows remote attackers to execute arbitrary PHP code by uploading a file whose name ends in a .php.li extension, which can be accessed from the upload directory.
Max CVSS
7.5
EPSS Score
3.03%
Published
2006-03-14
Updated
2018-10-18
PHP Upload Center stores password hashes under the web root with insufficient access control, which allows remote attackers to download each password hash via a direct request for the upload/users/[USERNAME] file.
Max CVSS
5.0
EPSS Score
0.86%
Published
2006-03-14
Updated
2018-10-18
3 vulnerabilities found