Website Baker Arbitrary File Upload Vulnerability

Website Baker is prone to a remote arbitrary file upload vulnerability. The issue presents itself due to a lack of sanitization performed on media files that are uploaded.

This issue can ultimately facilitate unauthorized access in the context of the Web server.

It should be noted the upload feature is normally accessible to administrators only, but can be activated for all users.


 

Privacy Statement
Copyright 2010, SecurityFocus