Uploadify 'uploadify.php' Multiple Input Validation Vulnerabilities

Uploadify is prone to an arbitrary file download vulnerability , an arbitrary-file-upload vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow a remote attacker to download arbitrary files in the context of the webserver process and execute arbitrary HTML and script code in the browser of an unsuspecting user in the context of the affected site, execute arbitrary script code in the context of the webserver hosting the affected application. This may let the attacker steal cookie-based authentication credentials and launch other attacks.


Privacy Statement
Copyright 2010, SecurityFocus