CompactCMS version 1.4.0 suffers from a shell upload vulnerability.
bde2a1b50ebfba72ebfd084f8c05c0aef45218bd118cd43253ca036b742c2a57dear sir or madam
ITSecTeam has found new vulnerability in CompactCMS 1.4.0 (tiny_mce)
In the following contain some information about the bug
best regards
M3hr@n.s
Technical Manager
##########################################################
#Title: CompactCMS 1.4.0 (tiny_mce) Remote File Upload
#Vendor: http://www.compactcms.nl/
##########################################################
#AUTHOR: ITSecTeam
#Email: Bug@ITSecTeam.com
#Website: http://www.itsecteam.com
#Forum : http://forum.ITSecTeam.com
#Original Advisory: www.ITSecTeam.com/en/vulnerabilities/vulnerability52.htm
#Thanks: r3dm0v3, pejvak, am!rkh@n
##########################################################
#DESCRIPTION (by vendor):#################################
CompactCMS might just be the tenth CMS you considered using for your website.
If that's true, ask yourself why you haven't found the right Content
Management
System just yet. CompactCMS is light-weight, truly efficient and fully
Ajax loaded.
#POC:#####################################################
http://site.com/admin/includes/tiny_mce/plugins/
tinybrowser/upload.php
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed