CompactCMS 1.4.0 (tiny_mce) Remote File Upload

2010.05.17
Credit: ITSecTeam
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

##########################################################
#Title: CompactCMS 1.4.0 (tiny_mce) Remote File Upload
#Vendor: http://www.compactcms.nl/
##########################################################
#AUTHOR: ITSecTeam
#Email: Bug@ITSecTeam.com
#Website: http://www.itsecteam.com
#Forum : http://forum.ITSecTeam.com
#Original Advisory: www.ITSecTeam.com/en/vulnerabilities/vulnerability52.htm
#Thanks: r3dm0v3, pejvak, am!rkh@n
##########################################################
#DESCRIPTION (by vendor):#################################
CompactCMS might just be the tenth CMS you considered using for your website. If that's true, ask yourself why you haven't found the right Content Management System just yet. CompactCMS is light-weight, truly efficient and fully Ajax loaded.
#POC:#####################################################
http://site.com/admin/includes/tiny_mce/plugins/tinybrowser/upload.php
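
For administrators checking whether the upload script named in the PoC has been requested on their own server, the following added example (not part of the original advisory) scans web access-log lines for requests that reach that path. The combined log format, the sample lines and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict
from posixpath import normpath
from urllib.parse import unquote, urlsplit

# Path of the upload script, taken from the advisory's PoC URL.
UPLOAD_PATH = "/admin/includes/tiny_mce/plugins/tinybrowser/upload.php"

# Assumed format: Apache/nginx "combined" access log.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def normalize(target):
    """Reduce a request target to a canonical lower-case path for matching."""
    path = unquote(urlsplit(target).path).replace("\\", "/")
    # Collapse duplicate slashes and ./ or ../ segments; lower-case because
    # some hosts resolve paths case-insensitively.
    return normpath("/" + path.lstrip("/")).lower()

def find_upload_hits(lines):
    """Return {client_ip: [(time, method, status), ...]} for upload-script requests."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        # endswith: the CMS may be installed below the web root.
        if normalize(m["target"]).endswith(UPLOAD_PATH):
            hits[m["ip"]].append((m["time"], m["method"], int(m["status"])))
    return dict(hits)

# Constructed sample log lines (not real traffic), documentation-range addresses.
SAMPLE_LOG = [
    '198.51.100.7 - - [17/May/2010:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.9 - - [17/May/2010:10:02:11 +0000] "GET /admin/includes/tiny_mce/plugins/tinybrowser/upload.php HTTP/1.1" 200 2310 "-" "-"',
    '203.0.113.9 - - [17/May/2010:10:02:40 +0000] "POST /cms//admin/includes/tiny_mce/plugins/TinyBrowser/upload%2Ephp HTTP/1.1" 200 412 "-" "-"',
    '198.51.100.7 - - [17/May/2010:10:03:00 +0000] "GET /admin/includes/tiny_mce/tiny_mce.js HTTP/1.1" 200 900 "-" "-"',
]

if __name__ == "__main__":
    for ip, events in find_upload_hits(SAMPLE_LOG).items():
        for when, method, status in events:
            print(f"{ip} {when} {method} -> {status}")
```

A POST to this path that returns a 2xx status is the entry to follow up first, by reviewing files written to the site around the logged time.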

