CVE-2011-4334
Published 2017-10-23
Priority P261 · high · 8.8 (CVSS 3.0)
AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EXPLOIT
EPSS: 5.84% (92.3th percentile)
edit.php in LabWiki 1.1 and earlier does not properly verify uploaded user files, which allows remote authenticated users to upload arbitrary PHP files via a PHP file with a .gif extension in the userfile parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| labwiki_project | labwiki | <= 1.1 | — |
Detection & IOCs (extracted from sources)
- Attacker uploads a PHP webshell with a .gif extension via the 'userfile' parameter to edit.php to bypass file type validation.
- Monitor POST requests to edit.php containing a 'userfile' parameter where the uploaded file has a .gif extension but PHP content (e.g., GIF magic bytes absent, PHP tags such as <?php present).
- The vulnerability affects LabWiki 1.1 and earlier; exploitation requires the attacker to be authenticated.
CVSS provenance
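| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |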
No detection rules found.
Exploit-DB
Ubisoft Rayman Legends 1.2.103716 - Remote Stack Buffer Overflow (PoC)
exploitdb·2014-06-18
CVE-2014-4334 Ubisoft Rayman Legends 1.2.103716 - Remote Stack Buffer Overflow (PoC)
---
#!/usr/bin/perl
#
#
# Ubisoft Rayman Legends v1.2.103716 Remote Stack Buffer Overflow Vulnerability
#
#
# Vendor: Ubisoft Entertainment S.A.
# Product web page: http://www.ubi.com
# Affected version: 1.2.103716, 1.1.100477 and 1.0.95278
#
# Summary: Rayman Legends is a 2013 platform game developed by Ubisoft
# Montpellier and published by Ubisoft. It is the fifth main title in
# the Rayman series and the direct sequel to the 2011 game Rayman Origins.
# The game was released for Microsoft Windows, Xbox 360, PlayStation 3,
# Wii U, and PlayStation Vita platforms in August and September 2013.
# PlayStation 4 and Xbox One versions were released in February 2014.
#
# Desc: The vulnerability is caused due to a memset()
Exploit-DB
labwiki 1.1 - Multiple Vulnerabilities
exploitdb·2011-11-09
CVE-2011-4334 labwiki 1.1 - Multiple Vulnerabilities
---
LabWiki alert('muuratsalo')&help=true&page=What_is_wiki
http://localhost/LabWiki/recentchanges.php?nothing=nothing&page_no=">alert('muuratsalo')
No writeups or analysis indexed.
Published: 2017-10-23