CompactCMS 1.4.0 - 'tiny_mce' Arbitrary File Upload



EKU-ID: 19779 CVE: OSVDB-64715;OSVDB-64714 OSVDB-ID:
Author: ITSecTeam Published: 2010-05-15 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home 


##########################################################
#Title: CompactCMS 1.4.0 (tiny_mce) Remote File Upload
#Vendor: http://www.compactcms.nl/
##########################################################
#AUTHOR: ITSecTeam
#Email: Bug@ITSecTeam.com
#Website: http://www.itsecteam.com
#Forum : http://forum.ITSecTeam.com
#Original Advisory: www.ITSecTeam.com/en/vulnerabilities/vulnerability52.htm
#Thanks: r3dm0v3, pejvak, am!rkh@n
##########################################################

#DESCRIPTION (by vendor):#################################
CompactCMS might just be the tenth CMS you considered using for your website.
If that's true, ask yourself why you haven't found the right Content
Management
System just yet. CompactCMS is light-weight, truly efficient and fully
Ajax loaded.

#POC:#####################################################
http://site.com/admin/includes/tiny_mce/plugins/
tinybrowser/upload.php