14 Apr 2025

Arbitrary File Upload Vulnerability in HB AUDIO GALLERY

Someone reported to us that our Plugin Vulnerabilities Firewall had blocked an attempt to exploit what turned out to be an arbitrary file upload vulnerability in the plugin HB AUDIO GALLERY. The blocked request was sent to the plugin's file /lib/upload_picture.php. The relevant code in that file, which allows the arbitrary file upload, is this:

// The client-supplied file name is used as-is, prefixed only with a timestamp;
// nothing checks the file's extension or content before it is stored.
$fileName =  time() . '_' . basename($_FILES['picture']['name']);
$success = false;
$uploadDir = HBAG_IMAGE_UPLOAD_DIR;
$targetPath = $uploadDir . $fileName;
$aid = $_POST['audio_id'];
$targetPathUrl = PICTURE_DIR_URL . $fileName;

//Upload file to server
if (move_uploaded_file($_FILES['picture']['tmp_name'], $targetPath)) {
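For comparison, here is an added example of how the same upload step can be hardened; it is not the plugin's code. The function name hbag_safe_picture_upload(), the allow-list constant and the nonce action name are hypothetical; the WordPress calls shown in the trailing comment (current_user_can, check_admin_referer) are real APIs.

```php
<?php
// Added example, not HB AUDIO GALLERY code: a hardened replacement for the
// upload step above. hbag_safe_picture_upload() and HBAG_SAFE_IMAGE_TYPES are
// hypothetical names.

// Only these image types are accepted; extension AND detected MIME must agree.
const HBAG_SAFE_IMAGE_TYPES = [
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
];

function hbag_safe_picture_upload(array $file, string $uploadDir): array {
    // Reject anything that is not a genuine PHP-managed upload.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        return ['ok' => false, 'error' => 'no valid upload'];
    }
    // Use the extension only to pick an allow-listed type, never as proof.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(HBAG_SAFE_IMAGE_TYPES[$ext])) {
        return ['ok' => false, 'error' => 'disallowed extension'];
    }
    // Check the actual content, not the client-supplied $file['type'].
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if ($mime !== HBAG_SAFE_IMAGE_TYPES[$ext]
        || getimagesize($file['tmp_name']) === false) {
        return ['ok' => false, 'error' => 'content is not an allowed image type'];
    }
    // Never reuse the client's file name: generate one, so no path or
    // double-extension tricks reach the filesystem.
    $fileName   = bin2hex(random_bytes(16)) . '.' . $ext;
    $targetPath = rtrim($uploadDir, '/') . '/' . $fileName;
    if (!move_uploaded_file($file['tmp_name'], $targetPath)) {
        return ['ok' => false, 'error' => 'move failed'];
    }
    return ['ok' => true, 'file' => $fileName];
}

// In the plugin's request handler, gate the call on authorization first
// (WordPress APIs; the nonce action name is hypothetical):
//   if (!current_user_can('upload_files')) { wp_die('forbidden', 403); }
//   check_admin_referer('hbag_upload_picture');
//   $result = hbag_safe_picture_upload($_FILES['picture'], HBAG_IMAGE_UPLOAD_DIR);
```

The original code fails every one of these checks at once: it trusts the client's file name, never inspects the content, and (in the lines shown) performs no capability or nonce check before calling move_uploaded_file().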