PT-2015-5046 · Adaptcms · Adaptcms
Gjoko Krstic
·
Publicado
2015-01-16
·
Atualizado
2017-09-08
·
CVE-2015-1059
CVSS v2.0
6.5
Média
| Vetor | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
AdaptCMS version 3.0.3
Description
The issue allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension to the "admin/files/add" endpoint, and then accessing it via a direct request to the file in /app/webroot/uploads.
Recommendations
For AdaptCMS version 3.0.3, consider restricting access to the "admin/files/add" endpoint to prevent unauthorized file uploads, and remove or restrict execution of PHP files in the /app/webroot/uploads directory until a fix is available.
Exploit
Correção
Code Injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Adaptcms