vendor:
Nakid CMS
by:
eidelweiss
8,8
CVSS
HIGH
Remote Arbitrary File Upload
434
CWE
Product Name: Nakid CMS
Affected Version From: 0.5.2
Affected Version To: 0.5.2
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Apache
2009
Nakid CMS (fckeditor) Remote Arbitrary File Upload Exploit
Nakid CMS is vulnerable to a remote arbitrary file upload vulnerability due to improper validation of user-supplied input. An attacker can exploit this vulnerability by uploading malicious files to the server, which can be used to execute arbitrary code on the server. The vulnerability exists in the 'config.php' file, which is located in the 'includes/js/fckeditor/editor/filemanager/connectors/php/' directory. The 'config.php' file contains the following code: '$Config['Enabled'] = true ;' and '$Config['UserFilesPath'] = '/nakid_uploads/' ;'. This allows an attacker to upload arbitrary files to the server, which can be used to execute arbitrary code.
Mitigation:
The best way to mitigate this vulnerability is to restrict access to the 'config.php' file and to ensure that the '$Config['Enabled']' and '$Config['UserFilesPath']' variables are set to 'false' and '/nakid_uploads/' respectively.
