• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Zomplog admin/upload_files.php Unauthorized Access Vulnerability

Zomplog is prone to an unauthorized-access vulnerability because it fails to adequately limit access to administrative scripts.

An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may allow the attacker to gain unauthorized access or to escalate privileges; other attacks are also possible.

This issue affects Zomplog 3.8.1; other versions may also be vulnerable.