XHP CMS v.0.5 File Upload Security Vulnerability

Description
Access to the filemanager plugins "inc/htmlarea/plugins/FileManager/manager.php" and "inc/htmlarea/plugins/FileManager/standalonemanager.php" is not properly restricted. This can e.g. be exploited to upload and execute malicious PHP scripts.

Confirmed in version 0.5. Other versions may also be affected.

Impact
This can be exploited to upload arbitrary files to a location inside the web root (e.g. a PHP script).

References
Secunia SA19353
Product Homepage

Articles on Web Security

More Articles

White Papers on Web Security

More White Papers

Acunetix Web Application Security Blog

Latest Article

Web Server Security and Database Server Security

If your servers and/or web applications are compromised, hackers will have complete access to your backend data even though your firewall is configured correctly and your operating system and applications are patched repeatedly. Read more and learn on web server security

Continue Reading | More Articles

Latest Whitepaper

Why File Upload Forms are a major security threat

This white paper talks about common file upload forms validation types and also how malicious users can easily bypass them. With the help of Acunetix WVS, a web developer can easily find these vulnerabilities in web applications without the need of advanced web security expertise. He can also easily solve them thanks to the amount of extensive information Acunetix WVS reports.

Continue Reading | More White Papers

Testimonials

“The issues detected were of major impact; if hackers would have found the security holes, they could have hacked an entire Joomla! Site.” Robin Muilvijk,
Quality & Testing Team, Joomla!

More Testimonials

“The issues detected were of major impact; if hackers would have found the security holes, they could have hacked an entire Joomla! Site.”

Robin Muilvijk
Quality & Testing Team, Joomla!

More Testimonials