[Forgot Password]
Login  Register Subscribe

23631

 
 

122183

 
 

98060

 
 

909

 
 

79198

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2008-2267

Date: (C)2008-05-16   (M)2017-10-04 


Incomplete blacklist vulnerability in javaUpload.php in Postlet in the FileManager module in CMS Made Simple 1.2.4 and earlier allows remote attackers to execute arbitrary code by uploading a file with a name ending in (1) .jsp, (2) .php3, (3) .cgi, (4) .dhtml, (5) .phtml, (6) .php5, or (7) .jar, then accessing it via a direct request to the file in modules/FileManager/postlet/.

CVSS Score: 7.5Access Vector: NETWORK
Exploit Score: 10.0Access Complexity: LOW
Impact Score: 6.4Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: PARTIAL
 Availability: PARTIAL





Reference:
http://www.attrition.org/pipermail/vim/2008-May/001978.html
BID-29170
SECUNIA-30208
EXPLOIT-DB-5600
cmsmadesimple-javaupload-file-upload(42371)
http://blog.cmsmadesimple.org/2008/05/12/announcing-cms-made-simple-125/

CWE    1
CWE-20

© 2013 SecPod Technologies