Vendor: chillyCMS
By: Unknown
CVSS: 7.5 (HIGH)
Arbitrary File Upload
CWE: 434
Product Name: chillyCMS
Affected Version From: 1.1.2003
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Unknown
CPE: a:chillycms:chillycms:1.1.3
Platforms Tested: Unknown
Arbitrary File Upload in chillyCMS
chillyCMS is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
Mitigation:
To mitigate this vulnerability, sanitize and validate user-supplied input before processing it. Additionally, restrict file upload functionality to specific file types and enforce file size limits.