Detections
Analytics
phpFormGenerator Arbitrary File Upload
high Nessus Network Monitor Plugin ID 3678
Synopsis
The remote host is vulnerable to a Script Injection attack.Description
The remote host is running phpFormGenerator, a PHP-based tool for generating web forms. The version of phpFormGenerator installed on the remote host allows an unauthenticated attacker to create forms supporting arbitrary file uploads. This issue can then be leveraged to upload a file with arbitrary code and execute it subject to the privileges of the web server user ID.Solution
No solution is known at this time.See Also
http://exploitlabs.com/files/advisories/EXPL-A-2006-004-phpformgen.txt