Atomy Maxsite - index.php Arbitrary File Upload

2013-06-30T00:00:00
ID EXPLOITPACK:59912E6E1FDB8901017854B0CCD3ACE6
Type exploitpack
Reporter Iranian_Dark_Coders_Team
Modified 2013-06-30T00:00:00

Description

Atomy Maxsite - index.php Arbitrary File Upload

                                        
                                            source: https://www.securityfocus.com/bid/60859/info

Atomy Maxsite is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input.

An attacker can exploit this issue to upload arbitrary code and execute it in the context of the web server process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

Atomy Maxsite versions 1.50 through 2.5 are vulnerable. 

http://www.example.com/[path]/index.php?name=research&file=add&op=research_add