Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

PHP Arbitrary File Upload

Medium

Synopsis

The remote host is vulnerable to a an arbitrary file upload flaw.

Description

The remote web server is configured to be PHP-enabled. It is reported that versions of PHP up to 5.0.2 and 4.3.9 are prone to a file upload vulnerability. An attacker may upload an arbitrary file on the web server in the context of the PHP application.

Solution

Upgrade to version 4.3.9, 5.0.2 or higher.