This script is possibly vulnerable to file tampering.
The scanner detected that user input gets written to a file on the server. This alert requires user confirmation and may be a false positive: it depends on which file gets written and on how, or if, user input is sanitized before being written to this file. Please make sure that user input is not written to a file that gets interpreted by the web server (for example a PHP file), and check whether this file is located inside the application directory.
- Please make sure that user input is properly sanitized before being written to the file.
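
As an added illustration (not code from the scanner or from any application it tested), the pattern this alert describes is shown next to a hardened form. The function names, the `name`/`body` request fields, the `STORAGE_DIR` path and the plain-text content rule are assumptions made for the example.

```php
<?php
declare(strict_types=1);

// Constructed example. STORAGE_DIR is an assumed location outside the web root,
// so nothing written there is served or interpreted by the web server.
const STORAGE_DIR = '/var/lib/exampleapp/notes';
const MAX_BYTES   = 65536;

// Pattern the alert describes: file name and content both come from the request,
// and the target sits inside the application directory.
function save_note_unsafe(array $request): void
{
    file_put_contents(__DIR__ . '/notes/' . $request['name'], $request['body']);
}

// Hardened form: the server picks the name and extension, and the content is
// size-bounded and limited to plain text before it is written.
function save_note(array $request): string
{
    $body = $request['body'] ?? '';
    if (!is_string($body) || strlen($body) > MAX_BYTES) {
        throw new InvalidArgumentException('body missing or too large');
    }
    // Reject NUL and other control characters except tab, LF and CR.
    if (preg_match('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', $body) === 1) {
        throw new InvalidArgumentException('body contains control characters');
    }

    $dir = realpath(STORAGE_DIR);
    if ($dir === false || !is_dir($dir)) {
        throw new RuntimeException('storage directory is missing');
    }

    // Server-generated name with a fixed extension the web server does not interpret.
    $path = $dir . DIRECTORY_SEPARATOR . bin2hex(random_bytes(16)) . '.txt';

    // 'x' mode fails if the file already exists, so an existing file is never overwritten.
    $fh = fopen($path, 'xb');
    if ($fh === false) {
        throw new RuntimeException('could not create file');
    }
    try { fwrite($fh, $body); } finally { fclose($fh); }
    chmod($path, 0640);
    return basename($path);
}
```

When confirming the alert, the two questions from the description map directly onto this code: can request data influence the path or extension, and can the written file be reached and interpreted through the web server.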