odlican.net cms v.1.5 remote file upload vulnerability

vendor:

cms

by:

Anonymous

7,5

CVSS

HIGH

Remote File Upload Vulnerability

434

CWE

Product Name: cms

Affected Version From: 1.5

Affected Version To: 1.5

Patch Exists: NO

Related CWE: N/A

CPE: odlican.net/cms

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2020

odlican.net cms v.1.5 remote file upload vulnerability

odlican.net cms v.1.5 is a simple opensource cms made by croatian web designers and it has a serious flaw. The vulnerable part of code from upload.php allows any file to be uploaded to the /cms/files/ folder, including dangerous php scripts.

Mitigation:

Filter some extensions like .php etc. and check the size of the file.

Source

Exploit-DB raw data:

#odlican.net cms v.1.5 remote file upload vulnerability


#Author: Anonymous


#you can download following cms here
#http://cms.odlican.net/files/cmsv1-5.zip



#Info:odlican.net cms v.1.5 is simple opensource cms made by croatian web designers
and it has serious flaw.


#dork:Powered by odlican.net cms v.1.5



#what is vulnerable?

this is vulnerable part of code from upload.php and it will upload any file to /cms/files/ folder(including dangerous php scripts)

if ( isset($_POST['pokreni'])){
	 $target_path = "files/";
	 $target_path = $target_path . basename( $_FILES['uploadedfile']['name']);
	 if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {echo "Datoteka ". basename( $_FILES['uploadedfile']['name']). " je snimljena na server";} else{ echo "Došlo je do greške pokušajte ponovno!";}
	 }




#there should be code that will filter some extensions like .php etc.....

#fixajte si taj kod. dodajte da skripta provjerava ekstenzije i velicinu filea

#pozz