Description
Multiple vendor applications use Uploadify, a jQuery plugin that integrates a fully customizable multiple-file upload utility into a website. Uploadify contains functionality to handle file uploads, and a remote attacker could use this functionality to upload malicious executable files to the system. To test file upload capabilities, Acunetix created a file named acunetix-uploadify-test.php in the server document root.
Remediation
It is recommended to replace the Uploadify script with a script that is more secure.
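An added example, not part of the original advisory or of Uploadify: a small audit that walks a document root, reports the scanner's leftover acunetix-uploadify-test.php, and locates Uploadify copies that need replacing. The Uploadify file names and the PHP extension list are assumptions, and the sample tree is constructed.

```python
import os
import tempfile

# Name taken from the description above: the scanner's test upload.
SCANNER_TEST_FILE = "acunetix-uploadify-test.php"
# Assumption: file names commonly shipped with Uploadify distributions.
UPLOADIFY_MARKERS = {"uploadify.php", "uploadify.swf",
                     "jquery.uploadify.js", "jquery.uploadify.min.js"}
# Assumption: extensions this server would execute as PHP.
EXECUTABLE_EXTS = {".php", ".phtml", ".php5", ".phar"}


def audit_docroot(docroot):
    """Walk docroot and return sorted (kind, relative_path) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        names = {f.lower() for f in files}
        has_uploadify = bool(names & UPLOADIFY_MARKERS)
        for f in files:
            rel = os.path.relpath(os.path.join(dirpath, f), docroot)
            low = f.lower()
            if low == SCANNER_TEST_FILE:
                findings.append(("scanner-test-file", rel))
            elif low in UPLOADIFY_MARKERS:
                findings.append(("uploadify-component", rel))
            elif has_uploadify and os.path.splitext(low)[1] in EXECUTABLE_EXTS:
                # Heuristic: a script beside Uploadify that is not one of
                # the listed components deserves a manual look.
                findings.append(("review-script", rel))
    return sorted(findings)


def build_sample(root):
    """Create a constructed sample tree (not taken from a real site)."""
    for rel in ("index.php", "acunetix-uploadify-test.php",
                "js/uploadify/uploadify.php",
                "js/uploadify/jquery.uploadify.min.js",
                "js/uploadify/stray.php"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        for kind, rel in audit_docroot(root):
            print(f"{kind:20} {rel}")
```

Run `audit_docroot` against the real document root after the scan; delete the scanner test file and treat every `uploadify-component` path as a copy to replace.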
Related Vulnerabilities
WordPress Plugin Theme Demo Import Arbitrary File Upload (1.1.0)
WordPress Plugin NextGEN Gallery-WordPress Gallery Arbitrary File Upload (1.9.12)
WordPress Plugin WP User Frontend Arbitrary File Upload (2.3.10)
WordPress Plugin WordPress Backup and Migrate-Backup Guard Arbitrary File Upload (1.5.9)
WordPress Plugin Product Catalog Arbitrary File Upload (3.8.6)