Description
Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by indoushka · textwebappsphp
https://www.exploit-db.com/exploits/11169
References (3)
Core 3
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/38018
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/61808
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/11169
Scores
EPSS
0.0298
EPSS Percentile
86.6%
Details
Status
published
Products (1)
phpf1/max\'s_image_uploader
1.0
Published
Jan 26, 2010
Tracked Since
Feb 18, 2026