Description
Unrestricted file upload vulnerability in PHPFM before 0.2.3 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension to an accessible directory, as demonstrated using a file with a .php extension, aka "upload phpshell."
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by rUnViRuS · textwebappsphp
https://www.exploit-db.com/exploits/26474
References (2)
Core 2
Core References
Exploit mailing-list
x_refsource_bugtraq
http://cert.uni-stuttgart.de/archive/bugtraq/2005/11/msg00085.html
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/15335
Scores
EPSS
0.0393
EPSS Percentile
88.4%
Details
Status
published
Published
Dec 20, 2005
Tracked Since
Feb 18, 2026