appRain CMF <= 0.1.5 (uploadify.php) Unrestricted File Upload Vulnerability

Description:

appRain contains a flaw that allows a remote user to execute arbitrary PHP code. This flaw exists because the application uses the uploadify.php script, which does not properly verify or sanitize user-uploaded files.

References:

• CVE-2012-1153
• BID-51576
• EDB-18392

Disclosure Date:

January 19, 2012