Seagull PHP Framework <= 0.6.4 Unrestricted File Upload Vulnerability

Description:

Seagull PHP Framework contains a flaw that allows a remote user to execute arbitrary PHP code. The vulnerability is caused due to an error in the handling of file uploads in the tinyfck/filemanager/connectors/php/connector.php script, when a file name has multiple file extensions. This can be exploited to upload malicious PHP scripts.

References:

• BID-29982
• EDB-5945

Disclosure Date:

June 26, 2008