Information from SiteBridge Inc.
Vulnerability ID:JVN#95589314
Title:Joruri Gw vulnerable to arbitrary file upload
Status:Vulnerable
This is a statement from the vendor itself with no modification by JPCERT/CC.
It was revealed to be able to upload a PHP file camouflaged in a picture about the picture upload function of JoruriGw.
* When it works by the system that PHP isn't moving.
This, fragile, it doesn't influence.
* When a system of PHP is working by a server of JoruriGw.
The setting which makes sure that the program of PHP won't be executed is necessary to the web server by which it's for Apache in the one from the document route of JoruriGw.
Please check the installation manual of a newest version about a setting method.
