• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

FUDforum Avatar Upload Arbitrary Script Upload Vulnerability

FUDforum is prone to a remote arbitrary PHP file-upload vulnerability.

An attacker can merge an image file with a script file and upload it to an affected server.

This issue can facilitate unauthorized remote access.

Versions prior to FUDforum 2.7.1 are reported affected. Currently, Symantec cannot confirm if version 2.7.1 is affected as well.