PhpWiki fails to properly restrict uploaded files, which can allow a remote attacker to execute arbitrary commands on a vulnerable system.
PhpWiki is wiki software implemented in PHP. PhpWiki includes an "UpLoad" feature that allows users to upload files. Files with a .php extension are not permitted; however, other extensions are allowed. This can allow an attacker to upload a file that the PhpWiki server nevertheless processes as PHP.
Note that this vulnerability is being actively exploited.
A remote attacker may be able to execute arbitrary PHP code on a vulnerable server. This can allow arbitrary command execution on the system.
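The weakness described above is an extension denylist that rejects only the literal ".php" suffix. The following added example (not PhpWiki's code, and not a vendor fix) contrasts a constructed check of that shape with an allowlist check; the allowed extensions, function names and sample filenames are assumptions chosen for illustration.

```php
<?php
// Constructed illustration of the weak pattern: only the literal ".php"
// suffix is refused, so every other extension passes unchanged.
function weak_upload_check(string $filename): bool
{
    return !preg_match('/\.php$/i', $filename);
}

// Allowlist check: the name is reduced to its basename, must contain
// exactly one dot, and its (lowercased) extension must be on a short
// list of types the server is expected to serve as static content.
// The list itself is an assumption; tailor it to the deployment.
function safe_upload_check(string $filename): bool
{
    $allowed = ['png', 'jpg', 'jpeg', 'gif', 'txt', 'pdf'];
    $name = basename($filename);
    if ($name === '' || $name[0] === '.') {
        return false;                  // empty or dotfile name
    }
    $parts = explode('.', $name);
    if (count($parts) !== 2 || $parts[0] === '') {
        return false;                  // no extension or more than one
    }
    return in_array(strtolower($parts[1]), $allowed, true);
}

// Constructed sample names: one ordinary upload, one blocked by both
// checks, and one multi-dot name that only the allowlist refuses.
$samples = ['notes.txt', 'page.php', 'archive.tar.gz'];
foreach ($samples as $s) {
    printf("%-16s weak=%-5s safe=%s\n", $s,
        weak_upload_check($s) ? 'allow' : 'deny',
        safe_upload_check($s) ? 'allow' : 'deny');
}
// Independently of the filename check, the upload directory should be
// served with no PHP handler configured, so that whatever is stored
// there is returned as static data rather than executed.
```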
We are currently unaware of a practical solution to this problem.
Thanks to Reini Urban for reporting this vulnerability.
This document was written by Will Dormann.
Date First Published: 2007-04-12
Date Last Updated: 2007-04-13 14:47 UTC