- Vendor: zeitprax.com / blitzprax.com
- Product: Web@rchiv
- Version: 1.0

An arbitrary file upload vulnerability in Web@rchiv 1.0 allows attackers to execute arbitrary commands via a malicious PHP file.

To exploit the vulnerability you have to upload a PHP file which contains PHP's shell_exec() function to execute local commands on the system. The application is intended for uploading documents but does not filter against extensions or anything else. As soon as a file is chosen, it is uploaded immediately and a direct hyperlink to it is displayed.
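The checks whose absence is described above, as an added example (not Web@rchiv code and not from the vendor): an extension allowlist, a content-type check on the file's bytes, and a server-chosen file name. The function names, the allowlist and the storage directory outside the document root are assumptions, and PHP's fileinfo extension is assumed to be enabled.

```php
<?php
// Added example, not Web@rchiv code. All names here are hypothetical.
const ALLOWED = [                 // allowlist: extension => expected content type
    'pdf' => 'application/pdf',
    'png' => 'image/png',
    'jpg' => 'image/jpeg',
];

// Returns a server-chosen storage name, or null when the upload is rejected.
function safe_storage_name(string $clientName, string $tmpPath): ?string
{
    // Only the final extension counts; the client's file name is never used on disk.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        return null;
    }
    // Inspect the bytes instead of trusting the client-declared Content-Type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime !== ALLOWED[$ext]) {
        return null;
    }
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// $storeDir is assumed to lie outside the document root, so no URL maps to it.
function handle_upload(array $file, string $storeDir): bool
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        return false;
    }
    $name = safe_storage_name($file['name'], $file['tmp_name']);
    return $name !== null && move_uploaded_file($file['tmp_name'], $storeDir . '/' . $name);
}

// Constructed samples, exercised from the CLI only.
if (PHP_SAPI === 'cli') {
    $script = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($script, "<?php echo 'constructed sample';\n");
    $pdf = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($pdf, "%PDF-1.4\n%constructed sample\n");
    var_dump(safe_storage_name('notes.php', $script));   // script content, .php name
    var_dump(safe_storage_name('notes.pdf', $script));   // script content, .pdf name
    var_dump(safe_storage_name('notes.pdf', $pdf));      // PDF content, .pdf name
    unlink($script);
    unlink($pdf);
}
```

Because stored files get no direct hyperlink in this design, downloads would go through a separate handler that reads from the storage directory and sends the file with a fixed Content-Type and Content-Disposition: attachment.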



