Vendor: MidiCMS Website Builder
By: Unknown
CVSS: 7.5 (HIGH)
CWE: Local File Include, Arbitrary File Upload
Product Name: MidiCMS Website Builder
Affected Version From: MidiCMS Website Builder 2011
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Unknown
Unknown

MidiCMS Website Builder Local File Include and Arbitrary File Upload Vulnerabilities

MidiCMS Website Builder is prone to a local file-include vulnerability and an arbitrary-file-upload vulnerability. An attacker can exploit these issues to upload arbitrary files onto the webserver, execute arbitrary local files within the context of the webserver, and obtain sensitive information.

Mitigation:

Unknown
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/47970/info

MidiCMS Website Builder is prone to a local file-include vulnerability and an arbitrary-file-upload vulnerability.

An attacker can exploit these issues to upload arbitrary files onto the webserver, execute arbitrary local files within the context of the webserver, and obtain sensitive information.

MidiCMS Website Builder 2011 is vulnerable; other versions may also be affected. 

http://www.example.com/admin/jscripts/tiny_mce/plugins/ezfilemanager/index.php
http://www.example.com/?html=../../../../../../../../../../boot.ini%00
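
A detection sketch for defenders, added here and not part of the original advisory: it scans web access log lines for the two request shapes listed above (requests under the ezfilemanager plugin path, and an `html` query parameter carrying `../` sequences or an encoded NUL byte). The combined log format, the finding labels and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Plugin directory taken from the advisory's first URL.
FILEMANAGER_PATH = "/admin/jscripts/tiny_mce/plugins/ezfilemanager/"
# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] '
    '"GET /?html=../../../../boot.ini%00 HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] '
    '"POST /admin/jscripts/tiny_mce/plugins/ezfilemanager/index.php HTTP/1.1" 200 1024',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] '
    '"GET /?html=about HTTP/1.1" 200 2048',
    '198.51.100.7 - - [01/Jan/2024:10:02:00 +0000] '
    '"GET /?html=%252e%252e%252f%252e%252e%252fconfig HTTP/1.1" 200 90',
]

def classify(line):
    """Return the list of findings (hypothetical labels) for one log line."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    findings = []
    parts = urlsplit(match.group("target"))
    if FILEMANAGER_PATH in unquote(parts.path).lower():
        findings.append("ezfilemanager-access")
    # parse_qs percent-decodes each value once, so %00 arrives as "\x00".
    for value in parse_qs(parts.query, keep_blank_values=True).get("html", []):
        # Decode a second time so double-encoded input (%252e) is also seen.
        decoded = unquote(value).replace("\\", "/")
        if "\x00" in decoded:
            findings.append("html-null-byte")
        if "../" in decoded:
            findings.append("html-path-traversal")
    return findings

def scan(lines):
    """Return (line_number, findings) for every line with at least one finding."""
    results = [(number, classify(line)) for number, line in enumerate(lines, 1)]
    return [(number, found) for number, found in results if found]

if __name__ == "__main__":
    for number, found in scan(SAMPLE_LOG):
        print(f"line {number}: {', '.join(found)}")
```

A hit on the file manager path is only a lead for review, since the log line alone does not show whether the request was authenticated or whether a file was written.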