Vendor: Page Manager
By: CWH Underground
CVSS: 9.3 (HIGH)
Vulnerability: Remote Arbitrary File Upload
CWE: 264
Product Name: Page Manager
Affected Version From: 2/4/2006
Affected Version To: 2/4/2006
Patch Exists: YES
Related CWE: N/A
CPE: a:pagemanager:pagemanager:2006-02-04
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2008

Page Manager CMS Remote Arbitrary File Upload Vulnerability

This vulnerability allows an attacker to upload malicious files directly to the web server. The attacker exploits it by sending a file to the upload.php page of Page Manager CMS, which accepts uploads from anonymous users.

Mitigation:

The vendor has released a patch to address this vulnerability.

Exploit-DB raw data:

================================================================
  Page Manager CMS Remote Arbitrary File Upload Vulnerability
================================================================

AUTHOR : CWH Underground
DATE   : 25 June 2008
SITE   : www.citec.us


#####################################################
 APPLICATION : Page Manager 
 VERSION     : 2006-02-04
 VENDOR      : N/A
 DOWNLOAD    : http://downloads.sourceforge.net/pagemanager
#####################################################

---Arbitrary File Upload Exploit---

	This vulnerability can upload malicious files directly to the web server.

[Anonymous can arbitrarily upload]

[+] Upload Path: http://[Target]/[pagemanager_path]/upload.php

[+] Shell Script: http://[Target]/[Evil File]


# milw0rm.com [2008-06-25]