This is a writeup describing an arbitrary file upload vulnerability in Kleophatra 0.1.4, allowing attackers to upload malicious PHP files via the avatar upload functionality. The vulnerability stems from insufficient file extension validation.
Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target:Kleophatra 0.1.4
Auth required
Prerequisites:Access to a vulnerable Kleophatra installation · User registration on the target site