File Upload Vulnerability in Ctrip CMS (XerCMS) at Member Avatar Upload
Ctrip CMS XerCMS is a content management system based on php+mysql, integrating membership, community, guestbook, news and model management. XerCMS has a file upload vulnerability at the member avatar upload. Since the program uses a blacklist filtering mechanism for the filename suffix of the...