|
Description
|
|
Multiple vulnerabilities have been identified in Up,Phpaw,05, which could be exploited by malicious users to gain knowledge of sensitive information or compromise a vulnerable system.
The first issue is caused by missing access validation within the "admin/filesup.php" script when adding authorized file extensions, which could allow authenticated users to upload PHP scripts via "upload.php" and execute arbitrary code with the privileges of the web server.
The second vulnerability is caused by input validation errors in the "ardguest.php" and "contact.php" scripts, which could be exploited by malicious users to conduct cross site scripting attacks.
|
