Home > Content Management, File Inclusion > e107 Hupsi Fancybox Plugin Arbitrary File Upload Vulnerability

e107 Hupsi Fancybox Plugin Arbitrary File Upload Vulnerability

June 30th, 2012

Application: e107
Affected Version: version 1.4 and other versions.
Vendor’s URL: Hupsi Fancybox Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
Restrict access to the e107_plugins/hupsi_fancybox/uploader/uploadify.php script (e.g. via .htaccess).

Content Management, File Inclusion

Comments are closed.