Vulners
Lucene search
odlican.net CMS 1.5 - Arbitrary File Upload
#odlican.net cms v.1.5 remote file upload vulnerability
#Author: Anonymous
#you can download following cms here
#http://cms.odlican.net/files/cmsv1-5.zip
#Info:odlican.net cms v.1.5 is simple opensource cms made by croatian web designers
and it has serious flaw.
#dork:Powered by odlican.net cms v.1.5
#what is vulnerable?
this is vulnerable part of code from upload.php and it will upload any file to /cms/files/ folder(including dangerous php scripts)
if ( isset($_POST['pokreni'])){
$target_path = "files/";
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {echo "Datoteka ". basename( $_FILES['uploadedfile']['name']). " je snimljena na server";} else{ echo "Došlo je do greške pokušajte ponovno!";}
}
#there should be code that will filter some extensions like .php etc.....
#fixajte si taj kod. dodajte da skripta provjerava ekstenzije i velicinu filea
#pozzData
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
06 Feb 2010 00:00Current
7.4High risk
Vulners AI Score7.4