- CVE-2019-15524
- > [Description]
- > CSZ CMS 1.2.3 allows arbitrary file upload, as demonstrated by a .php file to admin/filemanager in the File Management Module, which
- > leads to remote code execution by visiting a photo/upload/2019/ URI.
- >
- > ------------------------------------------
- >
- > [VulnerabilityType Other]
- > Arbitrary file upload
- >
- > ------------------------------------------
- >
- > [Vendor of Product]
- > https://www.cszcms.com
- >
- > ------------------------------------------
- >
- > [Affected Product Code Base]
- > CSZ-CMS - 1.2.3
- >
- > ------------------------------------------
- >
- > [Attack Type]
- > Remote
- >
- > ------------------------------------------
- >
- > [Impact Code execution]
- > true
- >
- > ------------------------------------------
- >
- > [Attack Vectors]
- > CSZ-CMS v1.2.3 [filemanager] Arbitrary file upload vuln.
- >
- >
- > The CSZ-CMS Version 1.2.3 File Management Module allows arbitrary file uploads.
- > Upload the ".php" file to the "photo/upload/2019/" folder.
- > This folder is readable and writable, and the files in this folder can be displayed or run.
- >
- > File manager link:
- > http://localhost/csz_cms/admin/filemanager
- >
- > After uploading, the file is available at this link:
- > http://localhost/csz_cms/photo/upload/2019/exec_oneline.php
- >
- > ------------------------------------------
- >
- > [Reference]
- > https://www.cszcms.com
- Use CVE-2019-15524.
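A defensive audit for the condition described above, added here as an example and not part of the original paste or of CSZ CMS: it walks an upload tree such as photo/upload/ and reports files the web server could execute. The extension list, the `audit_upload_dir` name and the sample tree are assumptions made for illustration.

```python
import os
import tempfile

# Assumption: extensions a typical PHP-enabled web server may hand to the interpreter.
EXECUTABLE_EXTS = {".php", ".php3", ".php4", ".php5", ".php7", ".phtml", ".pht", ".phar"}
PHP_MARKERS = (b"<?php", b"<?=")


def audit_upload_dir(root):
    """Return sorted (relative_path, reason) pairs for files that do not belong in an upload folder."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            # Inspect every dotted component so "avatar.php.jpg" is caught too.
            parts = name.lower().split(".")[1:]
            if any("." + p in EXECUTABLE_EXTS for p in parts):
                findings.append((rel, "executable extension"))
                continue
            # An image extension does not prove image content: look for a PHP open tag.
            with open(path, "rb") as fh:
                head = fh.read(4096)
            if any(marker in head for marker in PHP_MARKERS):
                findings.append((rel, "PHP open tag in content"))
    return sorted(findings)


def demo():
    # Constructed sample tree mirroring the photo/upload/2019/ layout from the advisory.
    with tempfile.TemporaryDirectory() as root:
        updir = os.path.join(root, "2019")
        os.makedirs(updir)
        samples = {
            "holiday.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 32,
            "exec_oneline.php": b"<?php /* placeholder */ ?>",
            "avatar.php.jpg": b"\xff\xd8\xff\xe0",
            "banner.gif": b"GIF89a<?php /* placeholder */ ?>",
        }
        for name, data in samples.items():
            with open(os.path.join(updir, name), "wb") as fh:
                fh.write(data)
        return audit_upload_dir(root)


if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{rel}: {reason}")
```

Any finding under the upload path warrants review; the durable fix is for the upload handler to allowlist file types and for the web server not to execute scripts from that directory.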