vendor:
FreeCMS.us 0.2 (fckeditor)
by:
Stack
7.5
CVSS
HIGH
Arbitrary File Upload
434
CWE
Product Name: FreeCMS.us 0.2 (fckeditor)
Affected Version From: FreeCMS.us 0.2
Affected Version To: FreeCMS.us 0.2
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009
FreeCMS.us 0.2 (fckeditor) Arbitrary File Upload Exploit
This exploit allows an attacker to upload arbitrary files containing malicious PHP code to a vulnerable FreeCMS.us 0.2 (fckeditor) application. The vulnerable code is located in the /[path]/admin/fckeditor/editor/filemanager/upload/php/upload.php file.
Mitigation:
Ensure that the application is configured to only allow the upload of files with the appropriate MIME type and extension.