PT-2010-5416 · Orbis · Orbis Cms

Mark Stanislav

Published

2010-12-02

Updated

2018-10-10

CVE-2010-4313

CVSS v2.0

6.0

Medium

Vector

AV:N/AC:M/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Orbis CMS version 1.0.2

Description The issue allows remote authenticated users to execute arbitrary code by uploading a .php file to the fileman file upload.php script and then accessing it via a direct request to the file in the uploads directory.

Recommendations For Orbis CMS version 1.0.2, consider restricting or disabling the file upload functionality in fileman file upload.php to prevent the execution of arbitrary code until a proper fix is available. Additionally, restrict access to the uploads directory to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2010-4313

Affected Products

Orbis Cms

PT-2010-5416 · Orbis · Orbis Cms

CVE-2010-4313

Related Identifiers

Affected Products

References · 8