Zone-H.org - le.cms "cms/admin/upload.php" Security Bypass

le.cms "cms/admin/upload.php" Security Bypass

Written by Marcelo Almeida (Vympel)

Tuesday, 24 June 2008

t0pP8uZz has reported a vulnerability in le.cms, which can be exploited by malicious people to bypass certain security restrictions and compromise a vulnerable system.

The vulnerability is caused due to improper authentication in cms/admin/upload.php and can be exploited to e.g. upload a PHP file via a specially crafted POST request.

The vulnerability is reported in version 1.4. Other versions may also be affected...

Solution:
Restrict access to the cms/admin/upload.php script (e.g. with ".htaccess").

Provided and/or discovered by:
t0pP8uZz

Original Advisory:
http://milw0rm.com/exploits/5887

Original Article:
http://secunia.com/advisories/30797/

Comments Index (Total Messages: 0)

Post Reply
Name:	Guest
Title:
Comment:
Enter this security word

Powered by a Zone-H(ified) version of AkoComment 3.0!

DISCLAIMER: Forum postings are the opinion of the posting author alone, and should not be taken as the opinion of Zone-h. The author is entirely and solely responsible for all content that he/she uploads, posts, or otherwise transmits via the website. Zone-h is not responsible for such content. However, Zone-h shall have the right, but not the obligation, to delete, move, or edit any content that violates this agreement or is otherwise objectionable as determined by Zone-h in its sole discretion and without notice.

< Prev		Next >

[ Back ]