Lumension® Endpoint Intelligence Center


Vulnerability Score: 6.5
CVE Id: CVE-2011-2745
Last Modified: 21 Sep 2011 11:32:18
Published: 26 Jul 2011 10:55:02
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE



upload_handler.php in the swfupload extension in Chyrp 2.0 and earlier relies on client-side JavaScript code to restrict the file extensions of uploaded files, which allows remote authenticated users to upload a .php file, and consequently execute arbitrary PHP code, via a write_post action to the default URI under admin/.

Vulnerable Systems


  • Chyrp 2.0


BID - 48672

MLIST - [oss-security] 20110713 Re: [oCERT-2011-001] Chyrp input sanitization errors

MLIST - [oss-security] 20110713 [oCERT-2011-001] Chyrp input sanitization errors


SREASON - 8314

Last Updated: 27 May 2016 10:57:06