CVE-2011-2745

Published: Jul 27, 2011Modified: Apr 29, 2026

6.5

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability: 8.0 / Impact: 6.4

Source: NVD

Description

upload_handler.php in the swfupload extension in Chyrp 2.0 and earlier relies on client-side JavaScript code to restrict the file extensions of uploaded files, which allows remote authenticated users to upload a .php file, and consequently execute arbitrary PHP code, via a write_post action to the default URI under admin/.

Affected (1)

Products: Chyrp: Chyrp

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Chyrp Chyrp	Up to 2.0

Related CWEs

References (10)

http://securityreason.com/securityalert/8314

Source: cve@mitre.org

http://www.justanotherhacker.com/advisories/JAHx113.txt

Source: cve@mitre.org

Exploit

http://www.openwall.com/lists/oss-security/2011/07/13/5

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2011/07/13/6

Source: cve@mitre.org

Exploit

http://www.securityfocus.com/bid/48672

Source: cve@mitre.org

Exploit

http://securityreason.com/securityalert/8314

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.justanotherhacker.com/advisories/JAHx113.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.openwall.com/lists/oss-security/2011/07/13/5

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2011/07/13/6

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.securityfocus.com/bid/48672

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.