Unrestricted file upload vulnerability in IMCE
Medium
Vulnerability Details
## Summary
## Steps To Reproduce
POC
1. Go to "https://forum.acronis.com/" and create a user
2. Click on edit profile, go to Signature and click on "insert image using IMCE file manager"
3. Now upload a PHP file and bypass the check by adding .gif in the endpoint
## Recommendations
https://www.incibe-cert.es/en/early-warning/vulnerabilities/cve-2006-7109
https://security-tracker.debian.org/tracker/CVE-2006-7109
## Impact
Allows remote authenticated users to upload arbitrary PHP code.
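
A server-side check that would reject the upload described in step 3, as an added example that is not part of the original report and is not IMCE or Drupal code. The function names, the allowlist and the sample files are assumptions made for illustration.

```php
<?php
// Added example (hypothetical helper names; not IMCE or Drupal code).
// Final extension => magic-byte prefixes accepted for it.
const ALLOWED_IMAGE_TYPES = [
    'gif'  => ["GIF87a", "GIF89a"],
    'png'  => ["\x89PNG\r\n\x1a\n"],
    'jpg'  => ["\xFF\xD8\xFF"],
    'jpeg' => ["\xFF\xD8\xFF"],
];
// Extensions a web server may pass to an interpreter, rejected anywhere in the name.
const EXECUTABLE_EXTENSIONS = ['php', 'php3', 'php4', 'php5', 'php7', 'phtml', 'phar', 'pht'];
// Returns null when the upload is acceptable, otherwise the rejection reason.
function check_image_upload(string $clientName, string $content): ?string
{
    $name = strtolower(basename(str_replace('\\', '/', $clientName)));
    if ($name === '' || strpos($name, "\0") !== false) {
        return 'empty name or NUL byte';
    }
    $parts = explode('.', $name);
    $final = count($parts) > 1 ? array_pop($parts) : '';
    if (!isset(ALLOWED_IMAGE_TYPES[$final])) {
        return 'final extension is not an allowed image type';
    }
    // Everything after the base name is an inner extension, e.g. "php" in x.php.gif.
    if (array_intersect(array_slice($parts, 1), EXECUTABLE_EXTENSIONS)) {
        return 'executable extension inside the file name';
    }
    foreach (ALLOWED_IMAGE_TYPES[$final] as $magic) {
        if (strncmp($content, $magic, strlen($magic)) === 0) {
            return null;
        }
    }
    return 'content does not start with the signature for .' . $final;
}
// Name to store under: random, single extension, nothing taken from the client.
function stored_name(string $finalExtension): string
{
    return bin2hex(random_bytes(16)) . '.' . $finalExtension;
}

// Constructed sample uploads: client file name => leading bytes of the body.
$samples = [
    'avatar.gif'   => "GIF89a\x01\x00\x01\x00",
    'note.php.gif' => "GIF89a\x01\x00\x01\x00",
    'note.gif'     => "<?php // constructed placeholder",
];
foreach ($samples as $name => $body) {
    printf("%-14s %s\n", $name, check_image_upload($name, $body) ?? 'accepted');
}
```

A signature check on its own still passes a file that begins with valid GIF bytes and carries other content after them, so the file-name checks and the server-chosen name from `stored_name()` are what keep such a file from being served under an executable extension.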
Report Stats
- Report ID: 1121317
- State: Closed
- Substate: not-applicable
- Upvotes: 5