vendor:
MidiCMS Website Builder
by:
Unknown
7.5
CVSS
HIGH
Local File Include, Arbitrary File Upload
CWE
Product Name: MidiCMS Website Builder
Affected Version From: MidiCMS Website Builder 2011
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested: Unknown
Unknown
MidiCMS Website Builder Local File Include and Arbitrary File Upload Vulnerabilities
MidiCMS Website Builder is prone to a local file-include vulnerability and an arbitrary-file-upload vulnerability. An attacker can exploit these issues to upload arbitrary files onto the webserver, execute arbitrary local files within the context of the webserver, and obtain sensitive information.
Mitigation:
Unknown