XHP CMS Version <= 0.5 File Upload Vulnerability Network Vulnerability

Summary

The remote webserver is hosting a PHP script which is vulnerable to a unrestricted file upload flaw. Description : XHP CMS is installed on the remote system. The installed application does not authenticate users to access the FileManager scripts located at: '/inc/htmlarea/plugins/FileManager/manager.php' and '/inc/htmlarea/plugins/FileManager/standalonemanager.php' This allows an attacker to upload content to the webserver, and execute arbitrary commands with privileges of the webserver account.

Solution

Upgrade to version 0.51 or a newer release.

References

http://www.securityfocus.com/bid/17209
http://xhp.targetit.ro/index.php?page=3&box_id=34&action=show_single_entry&post_id=10

Updated on 2015-03-25

Severity

Classification

CVE CVE-2006-1371
CVSS Base Score: 9.0
AV:N/AC:L/Au:S/C:C/I:C/A:C

Related Vulnerabilities

AjaXplorer zoho plugin Directory Traversal Vulnerability
ALCASAR Remote Code Execution Vulnerability
Apache Tomcat /servlet Cross Site Scripting
AlstraSoft AskMe Pro 'forum_answer.php' and 'profile.php' Multiple SQL Injection Vulnerabilities
Apache Solr XML External Entity(XXE) Vulnerability-02 Jan-14

Take action and discover your vulnerabilities