Moodle v. 2.2.2 Arbitrary File Upload Exploit | dfcode.org
HomeResearchContactHash IDLinks

Vulnerabilities and Exploits
Count: 42


Sort By: Date Views
<
Moodle v. 2.2.2 Arbitrary File Upload Exploit

Information: Discovered: 05-07-2013 Moodle allows admins an option to upload files / include images and multimedia in text like the description of user profiles. Within this upload system, on submission - the POST data contains allowed file extions, for images it should say 'jpg,' 'gif,' and so on. Modifying the POST data allowed file extensions can allow a user to upload .php files, or any other file extensions.
View Code
>

Log in to comment.

No Previous Comments.
[Vulnerabillity #: 34]
dfcode All Rights Reserved