CVE-2019-15524

a guest
Aug 26th, 2019
CVE-2019-15524

> [Description]
> CSZ CMS 1.2.3 allows arbitrary file upload, as demonstrated by a .php file to admin/filemanager in the File Management Module, which
> leads to remote code execution by visiting a photo/upload/2019/ URI.
>
> ------------------------------------------
>
> [VulnerabilityType Other]
> Arbitrary file upload
>
> ------------------------------------------
>
> [Vendor of Product]
> https://www.cszcms.com
>
> ------------------------------------------
>
> [Affected Product Code Base]
> CSZ-CMS - 1.2.3
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Code execution]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> CSZ-CMS v1.2.3 [filemanager] Arbitrary file upload vuln.
>
>
> The CSZ-CMS Version 1.2.3 File Management Module allows arbitrary file uploads.
> Upload the ".php" file to the "photo/upload/2019/" folder.
> This folder is readable and writable, and the files in this folder can be displayed or run.
>
> File manager link:
> http://localhost/csz_cms/admin/filemanager
>
> After uploading, the file is available at this link:
> http://localhost/csz_cms/photo/upload/2019/exec_oneline.php
>
> ------------------------------------------
>
> [Reference]
> https://www.cszcms.com

Use CVE-2019-15524.
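
A detection check for the behaviour described in the advisory, added here as an example and not part of the original paste or of CSZ CMS: it scans web-server access logs in combined format for requests to script files under the photo/upload/ directory. The log lines, the extension list and the function name are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Upload directory named in the advisory; the extension list is an assumption.
UPLOAD_DIR = "/photo/upload/"
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar|pht)(\.|$)", re.IGNORECASE)

# Combined log format: ip - user [time] "METHOD target PROTO" status size ...
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Aug/2019:10:01:02 +0000] "GET /csz_cms/photo/upload/2019/banner.jpg HTTP/1.1" 200 48211 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [26/Aug/2019:10:03:40 +0000] "POST /csz_cms/admin/filemanager HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [26/Aug/2019:10:03:55 +0000] "GET /csz_cms/photo/upload/2019/exec_oneline.php HTTP/1.1" 200 17 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [26/Aug/2019:10:04:10 +0000] "GET /csz_cms/photo/upload/2019/Test%2EPHP?x=1 HTTP/1.1" 404 196 "-" "Mozilla/5.0"',
]

def find_script_hits(lines):
    """Return requests for script files under the upload directory."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        # Decode percent-encoding and drop the query string before matching.
        path = unquote(urlsplit(m["target"]).path)
        if UPLOAD_DIR not in path.lower():
            continue
        filename = path.rsplit("/", 1)[-1]
        if SCRIPT_EXT.search(filename):
            status = int(m["status"])
            hits.append({
                "ip": m["ip"], "time": m["time"], "path": path, "status": status,
                # A 2xx status means the file exists and the server answered for it.
                "served": 200 <= status < 300,
            })
    return hits

if __name__ == "__main__":
    for hit in find_script_hits(SAMPLE_LOG):
        print(hit)
```

A hit with `served` set to true means a script file is present in the upload directory and should be inspected on disk. The durable fix is to reject script extensions at upload time and to disable script execution for the upload directory in the web-server configuration.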