Upload of a PHP file in a vulnerable web application


Description   This signature is designed to block the upload of PHP files to a vulnerable web application. An attacker can exploit such an application to upload a webshell and gain control of the server.
     
Default configuration

Profiles      High    Medium   Low      Internet
Action        Block   Block    Pass     Pass
Alarm Level   Major   Major    Ignore   Minor
     
References  
     
Available since   ASQ v5.0.0
     
Protects   Wordpress Multiple Themes Vulnerabilities
WordPress Third-Party Plugins Multiple Vulnerabilities
Wordpress Themes Multiple Vulnerabilities
WordPress Third-Party Modules Multiple Vulnerabilities
Wordpress Multiple Third Party Plugins Vulnerabilities
WordPress Third Party Modules Multiple Vulnerabilities
WordPress Multiple Themes Vulnerabilities
Joomla Third-Party Plugins Multiple Vulnerabilities
WordPress Third Party Modules Multiple Vulnerabilities
WordPress Third Party Modules Multiple Vulnerabilities
WordPress Third Party Modules Multiple Vulnerabilities
WordPress Third Party Modules Multiple Vulnerabilities
Joomla Third-Party Plugins Multiple Vulnerabilities
Wordpress Multiple Third Party Plugins Vulnerabilities
Wordpress Multiple Third Party Plugins Vulnerabilities
Joomla Third-Party Plugins Multiple Vulnerabilities
Wordpress Multiple Third Party Plugins Vulnerabilities
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Wordpress Themes Multiple Vulnerabilities
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
DotClear Multiple Vulnerabilities Fixed by 2.8.2
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Centreon Multiple Vulnerabilities
WordPress WP Symposium Plugin Arbitrary File Upload Vulnerability
WordPress Tribulant Slideshow Gallery Plugin Arbitrary File Upload Vulnerability
Wordpress NextGEN Gallery Arbitrary File Upload Vulnerability
WordPress Business Intelligence Lite Plugin Arbitrary File Upload Vulnerability
X2CRM Profile Picture Arbitrary File Upload Vulnerability
WordPress The Cotton Theme Arbitrary File Upload Vulnerability
FrontAccounting Attach Document Arbitrary File Upload Vulnerability
WordPress Kiddo Theme "uploadify.php" Arbitrary File Upload Vulnerability
WordPress OptimizePress Plugin Arbitrary File Upload Vulnerability
WordPress Highlight - Powerful Premium Theme Arbitrary File Upload Vulnerability
WordPress This Way Theme Arbitrary File Upload Vulnerability
WordPress Simple Dropbox Upload Plugin Arbitrary File Upload Vulnerability
Collabtive Multiple Vulnerabilities
WordPress Uploader Plugin Cross-Site Scripting and Arbitrary File Upload Vulnerabilities
WordPress Xerte Online Plugin Arbitrary File Upload Vulnerability
WordPress ReFlex Gallery Plugin Arbitrary File Upload Vulnerability
WordPress Clockstone Theme upload.php Arbitrary File Upload Vulnerability
Frei-Chat "upload.php" Arbitrary File Upload Vulnerability
Auxilium PetRatePro Multiple Vulnerabilities
qdPM myAccount Arbitrary File Upload Vulnerability
CuteFlow Multiple Vulnerabilities
EGallery uploadify.php Arbitrary File Upload Vulnerability
WordPress Post Recommendations Plugin "abspath" File Inclusion Vulnerability
Joomla! OS Property Component File Upload Vulnerability
WordPress Flip Book Plugin Arbitrary File Upload Vulnerability
GetSimple Items Manager Plugin Arbitrary File Upload Vulnerability
PHP-Fusion Advanced MP3 Player Module Arbitrary File Upload Vulnerability
e107 Hupsi Fancybox Plugin Arbitrary File Upload Vulnerability
e107 Radio Plan Plugin Arbitrary File Upload Vulnerability
e107 Hupsi Share Plugin Arbitrary File Upload Vulnerability
e107 Hupsis Media Gallery Plugin Arbitrary File Upload Vulnerability
WordPress Sitemile Auctions Plugin Arbitrary File Upload Vulnerability
WordPress LB Mixed Slideshow Plugin Arbitrary File Upload Vulnerability
Joomla! Maian Media Component Arbitrary File Upload Vulnerability
Joomla! Dione FileUploader Module Arbitrary File Upload Vulnerability
WordPress MegaThemes Themes Arbitrary File Upload Vulnerability
WordPress Zingiri Web Shop Plugin Arbitrary File Upload Vulnerability
WordPress Invit0r Plugin Arbitrary File Upload Vulnerability
WordPress Evarisk Plugin Arbitrary File Upload Vulnerability
Joomla! Easy Flash Uploader Module Arbitrary File Upload Vulnerability
Joomla! Art Uploader Module Arbitrary File Upload Vulnerability
WordPress Annonces Plugin Arbitrary File Upload Vulnerability
WordPress Contus Video Gallery Plugin Arbitrary File Upload Vulnerability
WordPress Contus HD FLV Player Plugin SQL Injection and Arbitrary File Upload Vulnerabilities
WordPress SFBrowser Plugin Arbitrary File Upload Vulnerability
WordPress PICA Photo Gallery Plugin Arbitrary File Disclosure and File Upload Vulnerabilities
Wordpress Mac Photo Gallery Plugin Arbitrary File Upload Vulnerability
WordPress Front File Manager Arbitrary File Upload Vulnerability
WordPress Hungred Post Thumbnail Plugin Arbitrary File Upload Vulnerability
WordPress PDW File Browser Plugin Arbitrary File Upload Vulnerability
WordPress Top Quark Architecture Plugin Arbitrary File Upload Vulnerability
WordPress RBX Gallery Plugin Arbitrary File Upload Vulnerability
Agora Project Multiple Vulnerabilities
WordPress wpStoreCart Plugin Arbitrary File Upload Vulnerability
WordPress Front End Upload Plugin Arbitrary File Upload Vulnerability
WordPress Nmedia Member Conversation Plugin Arbitrary File Upload Vulnerability
Wordpress Omni Secure Files Plugin Arbitrary File Upload Vulnerability
WordPress FCChat Widget Plugin Arbitrary File Upload Vulnerability
WordPress MM Forms Community Arbitrary File Upload Vulnerability
Wordpress Font Uploader Plugin Arbitrary File Upload Vulnerability
WordPress WP-Property Plugin Arbitrary File Upload Vulnerability
WordPress HTML5 AV Manager Plugin Arbitrary File Upload Vulnerability
WordPress FoxyPress Plugin Arbitrary File Upload Vulnerability
WordPress Asset Manager Plugin Arbitrary File Upload Vulnerability
Joomla! JCE Component Cross-Site Scripting and Arbitrary File Upload Vulnerabilities
100 last CVE   CVE-2017-9337
CVE-2017-9336
CVE-2017-2168
CVE-2017-1002022
CVE-2017-1002021
CVE-2017-1002020
CVE-2017-1002019
CVE-2017-1002018
CVE-2017-1002017
CVE-2016-1000139
CVE-2015-7806
CVE-2015-5308
CVE-2014-5460
CVE-2014-3247
CVE-2014-3246
CVE-2014-2664
CVE-2013-7102
CVE-2013-5963
CVE-2012-3814
CVE-2012-3578
CVE-2012-3577
CVE-2012-3576
CVE-2012-3575
CVE-2012-3574
CVE-2012-2902
CVE-2012-2901



 
 
 
 
Risk level   Moderate