PHP Arbitrary File Upload
Medium Nessus Network Monitor Plugin ID 2286
SynopsisThe remote host is vulnerable to a an arbitrary file upload flaw.
DescriptionThe remote web server is configured to be PHP-enabled. It is reported that versions of PHP up to 5.0.2 and 4.3.9 are prone to a file upload vulnerability. An attacker may upload an arbitrary file on the web server in the context of the PHP application.
SolutionUpgrade to version 4.3.9, 5.0.2 or higher.