TITLE: jQuery Lightweight Rich Text Editor (lwrte) Plugin uploader.php Arbitrary File Upload
PRODUCT: jQuery Lightweight Rich Text Editor (lwrte) Plugin
PRODUCT URL 1: http://code.google.com/p/lwrte/
PRODUCT URL 2: http://plugins.jquery.com/project/lwRTE
CHECKED VERSIONS: 1.2
RESEARCHERS: underground-stockholm.com
RESEARCHERS URL: http://underground-stockholm.com/

BUG:

Input passed as file uploads to the uploader.php script is not verified before being used to store files in the "uploads" directory. This can be exploited to execute arbitrary PHP code by uploading PHP files.




--