Description
betaparticle blog (bp blog), posisbly before version 4, allows remote attackers to bypass authentication and (1) upload files via a direct request to upload.asp or (2) delete files via a direct request to myFiles.asp.
Affected products
- betaparticle / betaparticle_blog2.0 – 2.0
- betaparticle / betaparticle_blog3.0 – 3.0