Case-insensitive file system bypass vulnerability in X2Engine allows unrestricted file upload attacks

Case-insensitive file system bypass vulnerability in X2Engine allows unrestricted file upload attacks

CVE-2014-5298 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:N/A:P

FileUploadsFilter.php in X2Engine 4.1.7 and earlier, when running on case-insensitive file systems, allows remote attackers to bypass the upload blacklist and conduct unrestricted file upload attacks by uploading a file with an executable extension that contains uppercase letters, as demonstrated using a PHP program.

Learn more about our Web Application Penetration Testing UK.