Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2008-2267
Last Modified 05 Sep 2008 05:39:57
Published 16 May 2008 08:54:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-2267

Summary

Incomplete blacklist vulnerability in javaUpload.php in Postlet in the FileManager module in CMS Made Simple 1.2.4 and earlier allows remote attackers to execute arbitrary code by uploading a file with a name ending in (1) .jsp, (2) .php3, (3) .cgi, (4) .dhtml, (5) .phtml, (6) .php5, or (7) .jar, then accessing it via a direct request to the file in modules/FileManager/postlet/.

Vulnerable Systems

Application

  • CMS Made Simple 1.2.4


References

XF - cmsmadesimple-javaupload-file-upload(42371)

BID - 29170

MILW0RM - 5600

VIM - 20080514 PHP File Upload Vulnerability with extra Extension

SECUNIA - 30208

CONFIRM - http://blog.cmsmadesimple.org/2008/05/12/announcing-cms-made-simple-125/


Last Updated: 27 May 2016 10:47:48