e-vision CMS 2.02 - SQL Injection / Arbitrary File Upload / Information Gathering

eVision 2.0 Sql Injection/Remote File Upload/IG AUTHOR : IRCRASH R3d.W0rm Sina Yazdanmehr Discovered by : IRCRASH R3d.W0rm Sina Yazdanmehr Our Site : Http://IRCRASH.COM IRCRASH Team Members : Dr.Crash - R3d.w0rm Sina Yazdanmehr Script Download :...

CVE-2006-5016

The CVE concerns Szava Gyula and Csaba Tamas e-Vision CMS (likely version 1.0). The vulnerable component is admin/x_image.php, where an unrestricted file upload allows remote attackers to place arbitrary files in the /imagebank directory. The vulnerability’s root cause is an unconstrained upload ...