Mobile USB Drive HD - Multiple Local File Inclusion / Arbitrary File Upload Vulnerabilities

source: https://www.securityfocus.com/bid/60847/info

Mobile USB Drive HD is prone to multiple local file-include and arbitrary file-upload vulnerabilities because it fails to adequately validate files before uploading them.

An attacker can exploit these issues to upload arbitrary files onto the web server, execute arbitrary local files within the context of the web server, and obtain sensitive information.

Mobile USB Drive HD 1.2 is vulnerable; other versions may also be affected. 

<table border="0" cellpadding="0" cellspacing="0">
<thead>
<tr><th>Name</th><th class="del">Delete</th></tr>
</thead>
<tbody id="filelist">
<tr><td><a href=_http://www.example.com/files/webshell-js.php.png.txt.iso.php.gif; 
class="file">webshell-js.php.png.txt.iso.php.gif</a></td>