PT-2009-4102 · Leap · Leap Cms

Yenh4Cker

Published

2009-05-11

Updated

2017-09-29

CVE-2009-1615

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Leap CMS version 0.1.4

Description: The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension via an admin.system.files request to the default URI, then accessing the file via a direct request.

Recommendations: For Leap CMS version 0.1.4, restrict access to the admin.system.files (aka Manage Files) functionality to prevent unauthorized file uploads until a fix is available. As a temporary workaround, consider disabling the file upload feature via the admin.system.files endpoint to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2009-1615

Affected Products

Leap Cms

PT-2009-4102 · Leap · Leap Cms

CVE-2009-1615

Related Identifiers

Affected Products

References · 2