W-Agora Multiple Arbitrary PHP Code Injection Vulnerabilities

info
discussion
exploit
solution
references

W-Agora Multiple Arbitrary PHP Code Injection Vulnerabilities

W-Agora is prone to multiple PHP code injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

A remote attacker can exploit these vulnerability to upload or inject arbitrary PHP code to the application and execute it in the context of the Web server process.