- Multiple vendor applications utilize Uploadify, a jQuery plugin that integrates a fully customizable multiple-file upload utility into a website. Uploadify contains functionality to handle file uploads, and a remote attacker could use this functionality to upload malicious executable files to the system. To test file upload capabilities, Acunetix created a file named <strong>acunetix-uploadify-test.php</strong> in the server document root.
- It is recommended to replace the Uploadify script with a script that is more secure.
- WordPress Plugin Picturesurf Gallery 'upload.php' Arbitrary File Upload (1.2)
- timthumb.php remote code execution
- WordPress Plugin WP Marketplace-Complete Shopping Cart/eCommerce Solution Arbitrary File Upload (2.4.1)
- WordPress Plugin Royal Gallery 'upload.php' Arbitrary File Upload (2.1)
- Nginx PHP code execution via FastCGI
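
For the recommendation above to replace the Uploadify script with a more secure one, the following is an added example of a hardened PHP upload endpoint; it is not Uploadify's or Acunetix's code. The form field name `Filedata`, the session key `user_id`, the storage path and the image-only allowlist are assumptions made for illustration.

```php
<?php
// Added example, not Uploadify's code: a restrictive replacement upload endpoint.
// Assumed names: form field 'Filedata', session key 'user_id', UPLOAD_DIR.
declare(strict_types=1);
session_start();

const UPLOAD_DIR = '/var/www/private-uploads'; // assumed path, outside the document root
const MAX_BYTES  = 5 * 1024 * 1024;
const ALLOWED    = [                            // detected MIME type => stored extension
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

function reject(int $status, string $reason): void
{
    http_response_code($status);
    header('Content-Type: text/plain; charset=utf-8');
    exit($reason);
}

// 1. Only authenticated users may upload.
if (empty($_SESSION['user_id'])) {
    reject(403, 'authentication required');
}

// 2. Exactly one file, received through PHP's HTTP upload mechanism.
$file = $_FILES['Filedata'] ?? null;
if (!is_array($file) || !is_string($file['tmp_name'] ?? null)
    || $file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
    reject(400, 'upload failed');
}
if ($file['size'] > MAX_BYTES) {
    reject(413, 'file too large');
}

// 3. Decide the type from the file content, never from the client-supplied
//    name or Content-Type; anything not on the allowlist (including .php) is refused.
$mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
$ext  = is_string($mime) ? (ALLOWED[$mime] ?? null) : null;
if ($ext === null) {
    reject(415, 'file type not allowed');
}

// 4. Store under a server-generated name so the client controls neither
//    the path nor the extension.
$name = bin2hex(random_bytes(16)) . '.' . $ext;
if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . '/' . $name)) {
    reject(500, 'could not store file');
}
echo $name;
```

Because the files are stored outside the document root, they have to be served through a separate download script rather than by direct URL.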