DownloadsPlus module for PHP-Nuke file extension file upload

downloadsplus-extension-file-upload (42007) The risk level is classified as HighHigh Risk

Description:

The DownloadsPlus module for PHP-Nuke could allow a remote attacker to upload arbitrary files, caused by improper validation of file extensions. A remote attacker with valid authentication credentials could exploit this vulnerability to upload a malicious .htm, .html or .txt file, which could allow the attacker to execute arbitrary code on the vulnerable system.


Consequences:

Gain Access

Remedy:

No remedy available as of June 1, 2013.

References:

  • PHP-Nuke Web site: PHP-Nuke.
  • ZoRLu Advisories, Cuma, Nisan 25. 2008: php-nuke module (DownloadsPlus) remote file upload (only htm, html or txt).
  • BID-28919: PHP-Nuke DownloadsPlus Module Arbitrary File Upload Vulnerability
  • CVE-2008-4767: Unrestricted file upload vulnerability in the DownloadsPlus module in PHP-Nuke allows remote attackers to execute arbitrary code by uploading a file with (1) .htm, (2) .html, or (3) .txt extensions, then accessing it via a direct request to the file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: it is unclear how allowing the upload of .html or .txt files supports arbitrary code execution; this might be legitimate functionality.
  • OSVDB ID: 49409: DownloadsPlus Module for PHP-Nuke Multiple File Extension Arbitrary Remote Code Execution

Platforms Affected:

  • PHP-Nuke DownloadsPlus module

Reported:

Apr 25, 2008

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this

Return to the main page