Vendor: Flux CMS
By: EgiX
CVSS: 7.5 (HIGH)
Remote Arbitrary File Overwrite
CWE: 264
Product Name: Flux CMS
Affected Version From: 1.5.2000
Affected Version To: 1.5.2000
Patch Exists: NO
Related CWE: N/A
CPE: a:flux-cms:flux_cms
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009
Flux CMS <= 1.5.0 (loadsave.php) Remote Arbitrary File Overwrite Exploit
An attacker might be able to overwrite an existing file with arbitrary raw POST data. This proof-of-concept (PoC) tries to overwrite loadsave.php itself due to restrictions at lines 24-28.
Mitigation:
Restrict access to the vulnerable file and ensure that the file is not writable by any unauthorized user.