X2Engine <= 3.7.5 (ProfileController.php) Unrestricted File Upload Vulnerability
• Software Link:
• Affected Versions:
Version 3.7.5 and probably prior versions.
• Vulnerability Description:
The vulnerability exists in the /protected/controllers/ProfileController.php script, specifically in the
actionUploadPhoto() method, allowing to upload arbitrary files. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script.
Apply the vendor patch or upgrade to version 4.0.
• Disclosure Timeline:
[20/03/2014] – Vendor notified
[20/03/2014] – Vendor releases updates
[28/03/2014] – Public disclosure
• CVE Reference:
Vulnerability discovered by Egidio Romano, Secunia Research.