ES Simple Uploader Arbitrary File Upload Vulnerability

ES Simple Uploader Arbitrary File Upload Vulnerability

ES Simple Uploader is prone to a vulnerability that lets attackers upload arbitrary files because it fails to adequately sanitize user-supplied input.

An attacker could exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. The attacker would require a password to access the storage directories.

ES Simple Uploader 1.1 is affected; other versions may also be vulnerable.