CompactCMS 1.4.0 (tiny_mce) Remote File Upload

vendor:

CompactCMS

by:

ITSecTeam

9,3

CVSS

HIGH

Remote File Upload

434

CWE

Product Name: CompactCMS

Affected Version From: 1.4.0

Affected Version To: 1.4.0

Patch Exists: YES

Related CWE: CVE-2009-4010

CPE: a:compactcms:compactcms:1.4.0

Metasploit: https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2009-4010/, https://www.rapid7.com/db/vulnerabilities/suse-cve-2009-4010/

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: None

2009

CompactCMS 1.4.0 (tiny_mce) Remote File Upload

CompactCMS 1.4.0 is vulnerable to remote file upload.

Mitigation:

Upgrade to the latest version of CompactCMS.

Source

Exploit-DB raw data:

##########################################################
#Title: CompactCMS 1.4.0 (tiny_mce) Remote File Upload
#Vendor: http://www.compactcms.nl/
##########################################################
#AUTHOR: ITSecTeam
#Email: Bug@ITSecTeam.com
#Website: http://www.itsecteam.com
#Forum : http://forum.ITSecTeam.com
#Original Advisory: www.ITSecTeam.com/en/vulnerabilities/vulnerability52.htm
#Thanks: r3dm0v3, pejvak, am!rkh@n
##########################################################

#DESCRIPTION (by vendor):#################################
CompactCMS might just be the tenth CMS you considered using for your website.
If that's true, ask yourself why you haven't found the right Content
Management
System just yet. CompactCMS is light-weight, truly efficient and fully
Ajax loaded.

#POC:#####################################################
http://site.com/admin/includes/tiny_mce/plugins/
tinybrowser/upload.php