Remote Code Execution Vulnerability in Chyrp SWFUpload Extension
CVE-2011-2745

Currently unrated

Key Information:

Vendor

Chyrp

Status
Chyrp
Vendor
CVE Published:
27 July 2011

What is CVE-2011-2745?

The SWFUpload extension in Chyrp versions 2.0 and earlier has a security flaw wherein it relies on client-side JavaScript for file extension validation. This reliance creates an opportunity for remote authenticated users to upload PHP files, which enables the execution of arbitrary PHP code when triggered through a write_post action at the specified default URI under the admin directory. Proper input validation and server-side checks are essential to prevent such vulnerabilities.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://securityreason.com/securityalert/8314
third-party-advisoryx_refsource_SREASON
http://www.justanotherhacker.com/advisories/JAHx113.txt
x_refsource_MISC
http://www.securityfocus.com/bid/48672
vdb-entryx_refsource_BID

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.