SimplePHPBlog img_upload_cgi.php Arbitrary File Upload Vulnerability

info
discussion
exploit
solution
references

SimplePHPBlog img_upload_cgi.php Arbitrary File Upload Vulnerability

SimplePHPBlog is prone to an arbitrary-file-upload vulnerability because the application fails to sufficiently sanitize user-supplied input.

An attacker can exploit this vulnerability to upload PHP script code and execute it in the context of the webserver process.

This issue affects SimplePHPBlog 0.4.9; other versions may also be affected.