15 matches found
CVE-2020-27385
Incorrect Access Control in the FileEditor /Admin/Views/FileEditor/ in FlexDotnetCMS before v1.5.11 allows an authenticated remote attacker to read and write to existing files outside the web root. The files can be accessed via directory traversal, i.e., by entering a .. dot dot path such as...
CVE-2020-27386
An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allows an authenticated remote attacker to upload and execute arbitrary files by using the FileManager to upload malicious code e.g., ASP code in the form of a safe file type e.g., a TXT file, and then using the FileEditor in v1.5.8...
FlexDotnetCMS Arbitrary ASP File Upload
This module exploits an arbitrary file upload vulnerability in FlexDotnetCMS v1.5.8 and prior in order to execute arbitrary commands with elevated privileges. The module first tries to authenticate to FlexDotnetCMS via an HTTP POST request to /login. It then attempts to upload a random TXT file a...
FlexDotnetCMS 1.5.8 Arbitrary ASP File Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FlexDotnetCMS Arbitrary ASP File Upload', 'Description' = %q This module exploits an arbitrary file upload vulnerability in FlexDotnetCMS v1.5.8...
FlexDotnetCMS Access Control Error Vulnerability
FlexDotnetCMS is a flexible , easy to use and full-featured ASP .NET content management system CMS. An access control error vulnerability exists in FileEditor in FlexDotnetCMS versions prior to 1.5.11. A remote authenticated attacker can exploit this vulnerability to read or write existing files...
CVE-2020-27386
An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allows an authenticated remote attacker to upload and execute arbitrary files by using the FileManager to upload malicious code e.g., ASP code in the form of a safe file type e.g., a TXT file, and then using the FileEditor in v1.5.8...
CVE-2020-27385
Incorrect Access Control in the FileEditor /Admin/Views/FileEditor/ in FlexDotnetCMS before v1.5.11 allows an authenticated remote attacker to read and write to existing files outside the web root. The files can be accessed via directory traversal, i.e., by entering a .. dot dot path such as...
CVE-2020-27385
Incorrect Access Control in the FileEditor /Admin/Views/FileEditor/ in FlexDotnetCMS before v1.5.11 allows an authenticated remote attacker to read and write to existing files outside the web root. The files can be accessed via directory traversal, i.e., by entering a .. dot dot path such as...
CVE-2020-27386
An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allows an authenticated remote attacker to upload and execute arbitrary files by using the FileManager to upload malicious code e.g., ASP code in the form of a safe file type e.g., a TXT file, and then using the FileEditor in v1.5.8...
Unrestricted file upload
An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allows an authenticated remote attacker to upload and execute arbitrary files by using the FileManager to upload malicious code e.g., ASP code in the form of a safe file type e.g., a TXT file, and then using the FileEditor in v1.5.8...
Directory traversal
Incorrect Access Control in the FileEditor /Admin/Views/FileEditor/ in FlexDotnetCMS before v1.5.11 allows an authenticated remote attacker to read and write to existing files outside the web root. The files can be accessed via directory traversal, i.e., by entering a .. dot dot path such as...
CVE-2020-27385
FlexDotnetCMS contains an Incorrect Access Control vulnerability in the FileEditor (/Admin/Views/FileEditor/) affecting versions before 1.5.11. An authenticated remote attacker can read and write to existing files outside the web root. The issue is exposed via directory traversal (e.g., ............
CVE-2020-27385
Incorrect Access Control in the FileEditor /Admin/Views/FileEditor/ in FlexDotnetCMS before v1.5.11 allows an authenticated remote attacker to read and write to existing files outside the web root. The files can be accessed via directory traversal, i.e., by entering a .. dot dot path such as...
CVE-2020-27386
Vulnerability (CVE-2020-27386) in FlexDotnetCMS prior to 1.5.9 allows an authenticated attacker to upload arbitrary files via the FileManager, upload a safe file (e.g., TXT), rename it to an executable extension (e.g., ASP) using FileEditor or FileManager rename, and execute it via HTTP GET. Impa...
CVE-2020-27386
An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allows an authenticated remote attacker to upload and execute arbitrary files by using the FileManager to upload malicious code e.g., ASP code in the form of a safe file type e.g., a TXT file, and then using the FileEditor in v1.5.8...