Joe Lumbroso Jack's Formmail.php Unauthorized Remote File Upload Vulnerability

It has been reported that Jack's Formmail.php may be prone to an unauthorized file upload vulnerability that may allow a remote attacker to gain unauthorized access to a vulnerable server and upload arbitrary files. Due to improper validation performed in the 'check_referer()' function, an attacker can bypass the checks by supplying an empty value for HTTP referer. This issue may then allow an attacker to upload a file via the 'css' variable of 'file.php' script.

Although unconfirmed, Formmail.php versions 5.0 and prior may be affected by this issue.


Privacy Statement
Copyright 2010, SecurityFocus