B-Hind CMS (tiny_mce) Remote File Upload

vendor:

B-interference Lite CMS

by:

innrwrld & h00die

8,8

CVSS

HIGH

Remote File Upload

434

CWE

Product Name: B-interference Lite CMS

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2020

B-Hind CMS (tiny_mce) Remote File Upload

A vulnerability exists in B-interference Lite CMS, which allows an attacker to upload malicious files to the server. This is due to the lack of proper validation of the uploaded files. An attacker can exploit this vulnerability by sending a malicious file to the upload.php page in the tinybrowser plugin directory.

Mitigation:

The vendor should ensure proper validation of the uploaded files.

Source

Exploit-DB raw data:

####################################################
#Title: B-Hind CMS (tiny_mce) Remote File Upload
#Vendor: http://www.b-hind.eu/
####################################################
#AUTHOR: innrwrld & h00die
####################################################

#DESCRIPTION (by vendor):###########################
B-interference Lite is a simple CMS for *small websites*. Ideal for local
merchants or organizations. The content of page can be adjusted by*a simple
double click* on the text or title in question. bijmaken a page and / or
removal is easy to use buttons on the website menu.The system is naturally*
multilingual*.

#POC:###############################################
http://site.com/admin/includes/tiny_mce/plugins/tinybrowser/upload.php

#[EOF]