This technical writeup describes an unrestricted file upload vulnerability in PodHawk 1.85 that allows authenticated users to upload arbitrary files, leading to remote code execution. The vulnerability is located in the uploadify.php file, where insufficient validation allows malicious file uploads.
Classification
Writeup 90%
Target:
PodHawk 1.85
Auth required
Prerequisites:
Authenticated user access (Administrator or User role) · Access to the upload feature via the record1 page