CVE-2009-4817

Element-IT Ultimate Uploader 1.3 - Unauthenticated Arbitrary File Upload and Remote Code Execution

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-4817. PoCs published by Master Mind.

AI-analyzed exploit summary This is a writeup describing an arbitrary file upload vulnerability in Ultimate Uploader 1.3, allowing attackers to upload malicious files (e.g., shells) without authentication. No actual exploit code is provided.

Description

Unrestricted file upload vulnerability in Element-IT Ultimate Uploader 1.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Master Mind · textwebappsphp

https://www.exploit-db.com/exploits/10578

View Code ZIP pw:eip

This is a writeup describing an arbitrary file upload vulnerability in Ultimate Uploader 1.3, allowing attackers to upload malicious files (e.g., shells) without authentication. No actual exploit code is provided.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Ultimate Uploader 1.3

No auth needed

Prerequisites: Access to the web application's upload functionality

MITRE ATT&CK

T1105 - Ingress Tool Transfer T1505.003 - Web Shell

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/54972

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/61237

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/10578

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/37880

Scores

EPSS 0.0337

EPSS Percentile 87.2%

Details

Status published

Products (1)

element-it/ultimate_uploader 1.3.0

Published Apr 27, 2010

Tracked Since Feb 18, 2026