[原文]Meilad File upload script (up.php) mod for phpBB 2.0.x does not properly limit the types of files that can be uploaded, which allows remote authenticated users to execute arbitrary commands by uploading PHP files, then directly requesting them from the uploads directory.
Discovery is credited to Status-x <email@example.com>.
File Upload Script File Upload Script 1.1
File Upload Script is reported prone to an arbitrary script upload vulnerability.
If successfully exploited, an attacker can execute arbitrary script code on a vulnerable server. This can lead to unauthorized access in the context of the affected server.
All versions of File Upload Script are considered vulnerable at the moment.
An exploit is not required.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org <mailto:email@example.com>.