Full title: Idera Up.Time Monitoring Station 7.0 post2file.php Arbitrary File Upload Exploit 
Category: web applications
Platform: php
This Metasploit module exploits an arbitrary file upload vulnerability found within the Up.Time monitoring server 7.2 and below. A malicious entity can upload a PHP file into the webroot without authentication, leading to arbitrary code execution. Although the vendor fixed Up.Time to prevent this vulnerability, it was not properly mitigated. To exploit against a newer version of Up.Time (such as 7.4), please use exploits/multi/http/uptime_file_upload_2.

# 0day.today @ http://0day.today/