what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
JobScript Remote Code Execution https://packetstormsecurity.com/files/137147/ZSL-2016-5322.txt https://packetstormsecurity.com/files/137147/ZSL-2016-5322.txt https://packetstormsecurity.com/files/137147/JobScript-Remote-Code-Execution.html Mon, 23 May 2016 15:57:30 GMT JobScript suffers from an authenticated arbitrary PHP code execution. The vulnerability is caused due to the improper verification of uploaded files in '/admin-ajax.php' script thru the 'name' and 'file' POST parameters. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script file with '.php' extension (to bypass the '.htaccess' block rule) that will be stored in '/jobmonster/wp-content/uploads/jobmonster/' directory.

Related Files

No related files
packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close