Arbitrary PHP File Upload Vulnerability in LabWiki 1.1 and Earlier

Arbitrary PHP File Upload Vulnerability in LabWiki 1.1 and Earlier

CVE-2011-4334 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

edit.php in LabWiki 1.1 and earlier does not properly verify uploaded user files, which allows remote authenticated users to upload arbitrary PHP files via a PHP file with a .gif extension in the userfile parameter.

Learn more about our User Device Pen Test.