I-Man File Attachments Remote Arbitrary PHP Script Execution Vulnerability

info
discussion
exploit
solution
references

I-Man File Attachments Remote Arbitrary PHP Script Execution Vulnerability

I-Man is affected by a remote PHP script execution vulnerability.

The application fails to verify if file attachments uploaded to the server are PHP scripts.

This issue can facilitate unauthorized access to an affected computer.

I-Man version 0.9 and prior are affected.