Description
Multiple unrestricted file upload vulnerabilities in (1) register.php and (2) addvideo.php in BitScripts Bits Video Script 2.04 and 2.05 Gold Beta allow remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.
Exploits (2)
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/55738
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/38252
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/61826
Exploit x_refsource_misc
http://www.packetstormsecurity.com/1001-exploits/bitsvs-xssuploadrfi.txt
Scores
EPSS
0.0402
EPSS Percentile
88.5%
Details
CWE
CWE-20
Status
published
Products (2)
bitscripts/bits_video_script
2.04
bitscripts/bits_video_script
2.05 gold_beta
Published
Jan 21, 2010
Tracked Since
Feb 18, 2026