Vendor: BloofoxCMS
By: CWH Underground
CVSS: 7,5 HIGH
Unrestricted File Upload
CWE: 264
Product Name: BloofoxCMS
Affected Version From: 0.5.0
Affected Version To: 0.5.0
Patch Exists: NO
Related CWE: N/A
CPE: a:bloofox:bloofoxcms
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows and Linux
2013
Bloofox CMS Unrestricted File Upload Exploit
This application has an upload feature that allows an authenticated user with the Administrator or Editor role to upload arbitrary files to the media directory, which leads to remote code execution when an uploaded file is simply requested.
Mitigation:
Restrict access to the application and ensure that it is running with the least privileges necessary.