PT-2015-5246 · Ferretcms · Ferretcms

Ghost

Published

2015-01-27

Updated

2015-01-28

CVE-2015-1371

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions ferretCMS version 1.0.4-alpha

Description The issue allows remote administrators to execute arbitrary code by uploading a file with an executable extension to the custom/uploads/ directory, and then accessing it via a direct request. This is due to an unrestricted file upload vulnerability.

Recommendations For ferretCMS version 1.0.4-alpha, restrict access to the custom/uploads/ directory to prevent direct execution of uploaded files, and consider implementing file type validation to prevent uploading files with executable extensions.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2015-1371

Affected Products

Ferretcms

PT-2015-5246 · Ferretcms · Ferretcms

CVE-2015-1371

Weakness Enumeration

Related Identifiers

Affected Products

References · 7