2 matches found
CVE-2010-1514
TomatoCMS 2.0.6 (and earlier) is affected by an Unrestricted file upload vulnerability. The CVE description shows that remote authenticated users with certain privileges can upload an image file and then access it via a direct request to the file in an unspecified directory to execute arbitrary P...
TomatoCMS 2.0.6 任意文件上传和跨站脚本漏洞
BUGTRAQ ID: 40544 CVE ID: CVE-2010-1514,CVE-2010-1515 TomatoCMS是一款开源的内容管理系统。 在向TomatoCMS添加新文章时没有对所上传的文件执行重复的验证,拥有Add new article、Upload file to server和Browse uploaded files权限的用户可以向服务器上传并执行恶意文件。 TomatoCMS没有正确地过滤提交给index.php/admin/news/article/list页面的keyword和article-...