Unrestricted file upload vulnerability in addons/uploadify/uploadify.php in appRain CMF 0.1.5 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads directory.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Apprain | Apprain | 0.1.0 | 0.1.0 |
Apprain | Apprain | 0.1.1 | 0.1.1 |
Apprain | Apprain | 0.1.2 | 0.1.2 |
Apprain | Apprain | 0.1.3 | 0.1.3 |
Apprain | Apprain | 0.1.4 | 0.1.4 |
Apprain | Apprain | * | 0.1.5 |