AtomCMS SQL Injection and Arbitrary File Upload Vulnerabilities

2014-07-07T00:00:00
ID EDB-ID:39238
Type exploitdb
Reporter Jagriti Sahu
Modified 2014-07-07T00:00:00

Description

AtomCMS SQL Injection and Arbitrary File Upload Vulnerabilities. CVE-2014-4852. Webapps exploit for the PHP platform.

                                        
Source: http://www.securityfocus.com/bid/68437/info

AtomCMS is prone to an SQL-injection vulnerability and an arbitrary file-upload vulnerability.

Exploiting these issues could allow an attacker to upload arbitrary files, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 

http://www.example.com/acms/admin/uploads.php?id=1