Vulners
Lucene search
Elcom CMS 7.4.10 Community Manager Insecure File Upload
Elcom CMS - Community Manager Insecure File Upload Vulnerability - Security
Advisory - SOS-12-008
Release Date. 24-Aug-2012
Last Update. -
Vendor Notification Date. 28-Oct-2011
Product. Elcom CMS - Community Manager
Platform. ASP.NET
Affected versions. Elcom Community Manager version 7.4.10 and
possibly others
Severity Rating. High
Impact. Exposure of system information
Exposure of sensitive information
System Access
Attack Vector. Remote with authentication
Solution Status. Fixed in version 7.5 and later (not verified by
SOS)
CVE reference. CVE - not yet assigned
Details.
The https://[server]/UploadStyleSheet.aspx script does not validate the file
type passed in the parameter "myfile0" on the server side allowing the
uploading and execution of ASPX files. An attacker can upload an ASPX web
shell and execute commands with web server user privileges.
Proof of Concept (port scanning).
A shell uploaded using the vulnerable
(https://[server]/UploadStyleSheet.aspx) script can be accessed at the
following location: https://[server]/UserUploadedStyles/shell.aspx
Solution.
Upgrade to version 7.5 or later.
Discovered by.
Phil Taylor and Nadeem Salim from Sense of Security Labs.
# 0day.today [2018-01-04] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
27 Aug 2012 00:00Current
7.1High risk
Vulners AI Score7.1