CMScontrol 7.x File Upload

vendor:

CMScontrol

by:

Cyber_945

8,8

CVSS

HIGH

File Upload

434

CWE

Product Name: CMScontrol

Affected Version From: 7.x

Affected Version To: 7.x

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2020

A vulnerability in CMScontrol 7.x allows an attacker to upload arbitrary files to the server. By exploiting this vulnerability, an attacker can gain access to admin credentials.

Mitigation:

Ensure that the application is configured to only allow the upload of files with the appropriate file extensions and content types.

Source

Exploit-DB raw data:

#############################################################
#            CMScontrol 7.x File Upload                     #
#############################################################
# Author          : Cyber_945
# Home            : Ar-ge.Org
# Greetz          : D3xer and All Ar-ge.Org Members
# Not3            : Ar-ge.Org Online
# Name            : CMScontrol 7.x File Upload
# Bug Type        : File Upload
# Infection       : Adminin bilgileri alinabilir.
# Dork            : inurl:"index.php?id_menu="

#############################################################
=======================C=y=b=e=r=_=9=4=5================
<-- bug code start -- >

Exploit           : /admin/katalog.php?id_user=1&sesja=ukEyHkczqqU

Server            : http://server/admin/katalog.php?id_user=1&sesja=ukEyHkczqqU

=======================C=y=b=e=r=_=9=4=5================