Sharetronix <= 3.1.1 (attachments.php) Unrestricted File Upload Vulnerability

http://sharetronix.com

• Affected Versions:

Version 3.1.1 and probably other versions.

• Vulnerability Description:

The /system/controllers/ajax/attachments.php script does not properly validate the extension of an uploaded file. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP file.
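As an added illustration of the missing control (this is example code written for this page, not Sharetronix's attachments.php and not the vendor's fix), the handler below shows the checks an attachment upload endpoint needs: an extension allowlist, a content sniff that must agree with the extension, a server-generated filename, and storage in a directory the web server does not execute. The function names, the allowlist and the UPLOAD_DIR path are assumptions chosen for the example.

```php
<?php
// Added example, not Sharetronix code: hardened attachment upload validation.
// ALLOWED_TYPES, UPLOAD_DIR, validate_attachment() and store_attachment() are
// illustrative names chosen for this example.

// Allowlist of extensions and the MIME types their content must actually have.
const ALLOWED_TYPES = [
    'jpg'  => ['image/jpeg'],
    'jpeg' => ['image/jpeg'],
    'png'  => ['image/png'],
    'gif'  => ['image/gif'],
    'pdf'  => ['application/pdf'],
];

// Assumed path outside the document root; the web server must not execute
// scripts from it or serve it directly.
const UPLOAD_DIR = '/var/www/sharetronix-data/attachments';

function validate_attachment(array $file): array
{
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        return [false, 'upload failed'];
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        return [false, 'not an uploaded file'];
    }
    // Only the final extension is considered, lowercased, and it must be on the
    // allowlist. A name like "x.php.jpg" still passes this step, which is why
    // the content sniff and the non-executable storage directory are also needed.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_TYPES)) {
        return [false, 'extension not allowed'];
    }
    // Sniff the real content type; $_FILES['type'] is client supplied and ignored.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if (!in_array($mime, ALLOWED_TYPES[$ext], true)) {
        return [false, 'content does not match extension'];
    }
    return [true, $ext];
}

function store_attachment(array $file): ?string
{
    [$ok, $info] = validate_attachment($file);
    if (!$ok) {
        return null;
    }
    // Server-generated name: the client's filename never reaches the filesystem.
    $name = bin2hex(random_bytes(16)) . '.' . $info;
    $dest = UPLOAD_DIR . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        return null;
    }
    chmod($dest, 0640); // readable by the application, not executable
    return $name;
}

// Illustrative handler wiring (assumed form field name "attachment"):
if (isset($_FILES['attachment'])) {
    $stored = store_attachment($_FILES['attachment']);
    http_response_code($stored === null ? 400 : 200);
    echo $stored === null ? 'rejected' : 'stored as ' . $stored;
}
```

The extension check alone is not sufficient: downloads should be served through a script that sets Content-Disposition and a fixed Content-Type from the allowlist, and the upload directory should additionally have script execution disabled in the web server configuration, so that a file which slips past validation is still never interpreted as PHP.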

• Solution:

No official solution is currently available.

• Disclosure Timeline:

[06/11/2013] – Vendor notified

[06/11/2013] – Vendor response stating “Please immediately cease and desist all such communications”

[05/12/2013] – Public disclosure

• CVE Reference:

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2013-5353 to this vulnerability.

• Credits:

Vulnerability discovered by Egidio Romano, Secunia Research.

• Original Advisory:

http://secunia.com/secunia_research/2013-09