PT-2009-2087 · Sitexs · Sitex Cms

Published: 2009-04-06 · Updated: 2018-10-11 · CVE-2008-6617

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

SiteXS CMS version 0.1.1

Description

The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the images/ directory via the adm/visual/upload.php script, and then accessing the uploaded file directly.

Recommendations

For SiteXS CMS version 0.1.1, consider restricting or disabling the file upload functionality in adm/visual/upload.php until a proper fix is available, and ensure that only authorized users can upload files to prevent exploitation.

Related Identifiers

CVE-2008-6617

Affected Products

Sitex Cms