Full title: Sisfokol 4.0 Arbitrary File Upload Vulnerability 
Category: web applications
Platform: php
The web application is vulnerable to multiple security
vulnerabilities, such as Unauthenticated File Upload
Remote Bypass Authentication
All form in direktori [Sisfokol]/janissari/k/ does not require authentication
to upload a file. By issuing a POST request with a webshell
embedded in a JPEG image it is possible to upload [Sisfokol]/filebox/

# 0day.today @ http://0day.today/