X2Engine <= 3.7.5 (ProfileController.php) Unrestricted File Upload Vulnerability
• Software Link:
• Affected Versions:
Version 3.7.5 and probably prior versions.
• Vulnerability Description:
The vulnerability exists in the /protected/controllers/ProfileController.php script, specifically in the actionUploadPhoto()
method, allowing to upload arbitrary files. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script.
• Solution:
Apply the vendor patch or upgrade to version 4.0.
• Disclosure Timeline:
[20/03/2014] – Vendor notified
[20/03/2014] – Vendor releases updates
[28/03/2014] – Public disclosure
• CVE Reference:
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2014-2664 to this vulnerability.
• Credits:
Vulnerability discovered by Egidio Romano, Secunia Research.