CVE-2008-2267 Information
Feb 14, 2021
cve
Description
Incomplete blacklist vulnerability in javaUpload.php in Postlet in the FileManager module in CMS Made Simple 1.2.4 and earlier allows remote attackers to execute arbitrary code by uploading a file with a name ending in (1) .jsp, (2) .php3, (3) .cgi, (4) .dhtml, (5) .phtml, (6) .php5, or (7) .jar, then accessing it via a direct request to the file in modules/FileManager/postlet/.
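The failure mode described above, as an added example that is not code from CMS Made Simple or Postlet: a denylist check accepts every extension it does not name, while an allowlist check rejects all seven extensions from the description. The denylist contents, the allowlist contents and all function names are assumptions made for illustration.

```php
<?php
// Added illustration; not the code of javaUpload.php.
// Hypothetical denylist: the module's real list is not shown on this page.
const DENYLIST = ['php', 'php4', 'pl', 'asp'];
// Assumed allowlist for a file manager that only needs images and documents.
const ALLOWLIST = ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'txt'];

// Denylist check: anything not explicitly named is accepted.
function denylist_accepts(string $name): bool
{
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    return !in_array($ext, DENYLIST, true);
}

// Allowlist check: the name must be a plain base name with exactly one dot,
// so path separators and double extensions such as "a.php.jpg" are rejected,
// and the extension must be one the application explicitly expects.
function allowlist_accepts(string $name): bool
{
    if (!preg_match('/^[A-Za-z0-9_-]{1,64}\.([A-Za-z0-9]{1,8})$/', $name, $m)) {
        return false;
    }
    return in_array(strtolower($m[1]), ALLOWLIST, true);
}

// Store under a server-chosen name so the client never controls the final path.
function stored_name(string $name): string
{
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample names: two benign files, the seven extensions listed in
// the description, and a double-extension edge case.
$samples = ['report.pdf', 'photo.JPG', 'a.jsp', 'a.php3', 'a.cgi', 'a.dhtml',
            'a.phtml', 'a.php5', 'a.jar', 'a.php.jpg'];

foreach ($samples as $s) {
    $deny  = denylist_accepts($s) ? 'accept' : 'reject';
    $allow = allowlist_accepts($s) ? 'accept' : 'reject';
    $saved = allowlist_accepts($s) ? stored_name($s) : '-';
    printf("%-12s denylist=%-6s allowlist=%-6s stored=%s\n", $s, $deny, $allow, $saved);
}
```

Extension checks are one layer: keeping the upload directory outside the web root, or disabling script execution in it, removes the direct-request step the description relies on.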
Reference
http://blog.cmsmadesimple.org/2008/05/12/announcing-cms-made-simple-125/
http://secunia.com/advisories/30208
http://www.attrition.org/pipermail/vim/2008-May/001978.html
http://www.securityfocus.com/bid/29170
https://exchange.xforce.ibmcloud.com/vulnerabilities/42371
https://www.exploit-db.com/exploits/5600