on the Target System

Impact: Disclosure of system information, Execution of arbitrary code via network, User access via network
Exploit Included: Yes
Version(s): 1.3
Description: A vulnerability was reported in 'File Upload Manager'. A remote user can execute commands on the target system. A remote user may also be able to determine the installation path.

Keitel Andres Ortega reported that '/fileupload/index.php' does not properly validate uploaded files. A remote user can specify an alternate Content-Type when uploading a file or can upload an image file that contains malicious commands. Then, the remote user can send a request to the target web server to load the uploaded file, causing the included commands to be executed.
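A server-side check of the kind the report says '/fileupload/index.php' lacks, as an added example: this is not File Upload Manager's code, and the function name `store_upload`, the form field `upload` and the `/var/uploads` directory are assumptions. It needs PHP's fileinfo extension.

```php
<?php
// Added example: hypothetical upload handler, not File Upload Manager's code.
declare(strict_types=1);

// MIME type detected from the file's content => extension the server assigns.
const ALLOWED = [
    'image/png'  => 'png',
    'image/jpeg' => 'jpg',
    'image/gif'  => 'gif',
];

/**
 * Validate one $_FILES entry and store it; returns the stored path.
 * Assumption: $storeDir lies outside the web root, so nothing in it is
 * ever handed to the PHP interpreter, even an image with embedded commands.
 */
function store_upload(array $file, string $storeDir, int $maxBytes = 2000000): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    if ($file['size'] > $maxBytes) {
        throw new RuntimeException('file too large');
    }
    // $file['type'] is the client-supplied Content-Type: never trust it.
    // Detect the type from the bytes that were actually received.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext  = ALLOWED[(string) $mime] ?? null;
    if ($ext === null) {
        throw new RuntimeException('type not allowed');
    }
    // Server-generated name and fixed extension: the client's filename is
    // never used, so it cannot choose ".php" or a path.
    $dest = rtrim($storeDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0640); // readable, not executable
    return $dest;
}

// Request handler: failures are logged, not echoed, so an error response
// does not reveal filesystem paths.
try {
    store_upload($_FILES['upload'] ?? [], '/var/uploads');
    http_response_code(201);
} catch (RuntimeException $e) {
    error_log('upload rejected: ' . $e->getMessage());
    http_response_code(400);
}
```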

On some systems, a remote user can upload files from an arbitrary web server. On systems that do not permit this, the remote user can still determine the installation path, because an attempt to upload a file by specifying a remote URL generates an error message that discloses the installation path.

Impact: A remote user can execute commands on the target system.

A remote user may be able to determine the installation path.

Solution: No solution was available at the time of this entry.

http://www.securitytracker.com/alerts/2004/Oct/1011736.html