Seagull PHP Framework <= 0.6.4 Unrestricted File Upload Vulnerability


Seagull PHP Framework contains a flaw that allows a remote user to execute arbitrary PHP code. The vulnerability is caused due to an error in the handling of file uploads in the tinyfck/filemanager/connectors/php/connector.php script, when a file name has multiple file extensions. This can be exploited to upload malicious PHP scripts.


Disclosure Date:

June 26, 2008