CVE-2009-3182

Name of the Vulnerable Software and Affected Versions Anantasoft Gazelle CMS version 1.0

Description The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the /admin/editor/filemanager/browser.html endpoint, and then accessing it via a direct request to the file in user/File/. This is due to an unrestricted file upload vulnerability.

Recommendations For Anantasoft Gazelle CMS version 1.0, restrict access to the browser.html file in the admin/editor/filemanager directory to prevent unauthorized file uploads. As a temporary workaround, consider disabling the file upload functionality in the browser.html file until a patch is available.