Sergey Korostel: >> Php Upload Center Security Vulnerabilities
PHP remote file inclusion vulnerability in activate.php in PHP Upload Center 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the footerpage parameter.
CVSS Score
7.5
EPSS Score
0.076
Published
2006-12-07
PHP Upload Center stores password hashes under the web root with insufficient access control, which allows remote attackers to download each password hash via a direct request for the upload/users/[USERNAME] file.
CVSS Score
5.0
EPSS Score
0.005
Published
2006-03-14
Sergey Korostel PHP Upload Center allows remote attackers to execute arbitrary PHP code by uploading a file whose name ends in a .php.li extension, which can be accessed from the upload directory.
CVSS Score
7.5
EPSS Score
0.016
Published
2006-03-14
Directory traversal vulnerability in index.php in PHP Upload Center allows remote attackers to read arbitrary files via "../" sequences in the filename parameter.
CVSS Score
5.0
EPSS Score
0.04
Published
2005-12-01