vendor:
Galmeta Post CMS
by:
CWH Underground
N/A
CVSS
HIGH
Remote Code Execution / Arbitrary File Upload
CWE
Product Name: Galmeta Post CMS
Affected Version From: 0.2 and lower
Affected Version To: 0.2
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2008
Galmeta Post CMS <= 0.2 Remote Code Execution / Arbitrary File Upload
This exploit allows an attacker to execute remote code or upload arbitrary files on Galmeta Post CMS version 0.2 or lower. The first vulnerability is in the 'adodb-perf-module.inc.php' file, where an attacker can execute arbitrary PHP code. The second vulnerability is in the 'test.html' file of FCKeditor, where an attacker can upload arbitrary files. Restricting access to trusted users is recommended.
Mitigation:
Upgrade to a version higher than 0.2. Restrict access to trusted users for the 'test.html' file of FCKeditor.